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RISK MANAGEMENT AND REGULATORY 
FAILURES AT RIGGS BANK AND UBS: 
LESSONS LEARNED 


Wednesday, June 2, 2004 

U.S. House of Representatives, 

Subcommittee on Oversight and Investigations, 

Committee on Financial Services, 

Washington, D.C. 

The subcommittee met, pursuant to call, at 2:13 p.m., in Room 
2128, Rayburn House Office Building, Hon. Sue W. Kelly [chair- 
woman of the subcommittee] Presiding. 

Present: Representatives Kelly, Gutierrez, Moore, Maloney, and 
Matheson. 

Chairwoman Kelly. The subcommittee on Oversight and Inves- 
tigations will examine risk management and regulatory failures at 
Riggs Bank and UBS, lessons learned this afternoon. 

Two weeks ago, this subcommittee explored proposals to stream- 
line and federalize our current system to prevent money-laundering 
and terror financing. The recent cases involving Riggs Bank and 
UBS reveal regulatory and risk-management breakdowns that also 
must be examined in order to strengthen our Government’s ability 
to enforce our anti-money laundering laws. 

This afternoon, the subcommittee will investigate the noncompli- 
ant and inexcusable behavior of these two banks, along with the in- 
adequate response of our regulators. In the OCC’s oversight of the 
Riggs Bank’s case, we find no better illustration of the inherent 
weaknesses of a fragmented regulatory regime. 

We find a regulator that was reportedly aware of noncompliance 
by Riggs with high-risk foreign clientele as far back as 1997, per- 
haps even earlier, and does nothing about it. We find a regulator 
that was slow to act even after the September 11 terrorist attacks 
inside our borders made the threat posed by terror-funding net- 
works all too clear. We find a regulator with credibility so dimin- 
ished that Riggs shamelessly continued to violate the Bank Secrecy 
Act even after a full-time OCC examiner was placed on the bank’s 
premises following last summer’s consent order. 

I am very interested in hearing directly from the OCC about how 
this happened. I am also deeply concerned that we are combating 
illicit funding networks inside our country with the regulatory 
structure that was not designed to be part of our arsenal in a war 
on terror. 

Though a lot of great strides forward have been taken, particu- 
larly with the creation of the Office of Terrorism and Financial In- 
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telligence, the TFI, and with an elevated focus on improving 
FinCEN’s capability, it is evident that this is still a work in 
progress. The time has come to replace slow-footed regulatory sys- 
tems with one that is centralized, multi-dimensional and focused 
intentionally on preventing our financial institutions from being ex- 
ploited by criminals and terrorists. 

Therefore, this subcommittee will continue to pursue proposals 
that centralize our examination and compliance assets, that estab- 
lish a criminal enforcement authority, that will restore the credi- 
bility of our regulators. Such reforms should establish clear lines 
of oversight, improve our ability to quickly detect and respond to 
suspicious activity and will make clear to financial institutions 
that, from now on, brazen violators are going to be going to jail in- 
stead of just paying a civil fine. 

Our hearing today also focuses on UBS’s contract with the Fed- 
eral Reserve Bank of New York to serve as an extended custodial 
inventory which facilitates the international distribution of U.S. 
Currency. Beginning with its contract in 1996, UBS was in viola- 
tion of its agreement to repatriate old U.S. banknotes and dis- 
tribute — re-distribute new banknotes on behalf of the Federal Re- 
serve. The bank knowingly traded U.S. currency through the ECI 
with countries subject to restrictions from the Office of Foreign 
Asset Control, including Cuba, Iran, Libya, and Yugoslavia. The 
most serious and disturbing violation has been the discovery that 
officers and employees at UBS intentionally falsified documents to 
side-step detection by U.S. authorities. 

Though these actions and the company’s failure to implement in- 
ternal controls made it exponentially more difficult to detect sus- 
picious activity, it is also important to examine how and why rou- 
tine oversight by the Federal Reserve and the OCC didn’t raise any 
concerns. In fact, this subcommittee is deeply concerned that con- 
tract violations would likely still be occurring today had our mili- 
tary not been in a position to find U.S. dollars from the Federal Re- 
serve Bank of New York on the ground in Iraq. As such, I believe 
that we must investigate all ECI contracts to ensure that foreign 
governments and financial institutions are cooperating with our 
Government. 

While Riggs Bank and UBS illustrate two distinct regulatory 
meltdowns, they both speak clearly to the need for improving our 
efforts to stop terrorist financing. It may create new and unfamiliar 
responsibilities for financial institutions, but it is a moral and eth- 
ical responsibility and a license required to do business in this 
country. 

We thank our witnesses for their testimony and hope that they 
can shed some light on these issues. I look forward to continuing 
this discussion in the subcommittee’s hearing next week regarding 
the oversight of the Department of Treasury and the agency’s anti- 
money laundering efforts. 

I turn now to Mr. Gutierrez. 

[The prepared statement of Hon. Sue W. Kelly can be found on 
page 32 in the appendix.] 

Mr. Gutierrez. Thank you Madam Chairwoman. Thank you for 
calling this hearing today. It is important, especially given recent 
events, as we closely examine our anti-money laundering efforts 
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and whether they are sufficient. I am pleased we will be looking — 
we will hear from the regulators about how these problems occur 
and what steps have been taken to prevent their re-occurrence. 

The last time Congress was this concerned with the actions of 
UBS was when the Senate Banking Committee was investigating 
the sources of Holocaust financing and UBS attempted to shred 
documents which showed the extent of its involvement. I would 
have hoped that UBS would have learned from the experience to 
take U.S. law and the U.S. Congress much more seriously. I also 
recall the reluctance of Swiss banking authorities to cooperate at 
that time. While I understand that the Swiss Federal banking 
economist was much more helpful in this effort, most foreign bank 
supervisors simply lack the supervisory tools and authority of our 
regulators here in the U.S. 

I think, perhaps, this extended custodial inventory, ECI, busi- 
ness should be restricted to U.S. Institutions so that we can ensure 
no dealings with OFAC nations, and nations’ activities can be 
closely supervised by U.S. Regulators who need to take an active 
role in monitoring these activities. 

While this fine of a $100 million seems very large, it is merely, 
I believe, a drop in a bucket of a $1 trillion institution. It is a one- 
time penalty that may not have the deterrent effect against mis- 
conduct that we may have hoped for. In this case, the ECI business 
wasn’t particularly profitable for the bank — or they say — so the ter- 
mination of the contract and the exclusion from the part of their 
business isn’t likely to hurt their financial bottom line very much. 
It might make more sense to punish an institution of the size of 
UBS by restricting their conduct in a more profitable area, such as 
their ability to operate in the United States or making them sell 
off certain aspects of their business which we know to be profitable. 

I am also deeply troubled by the Riggs situation. It represents 
not merely a failure of one institution’s internal controls, but a fun- 
damental flaw in its regulation. It is my understanding that the 
flaws in Riggs systems were long outstanding and systematic, dat- 
ing well before the Patriot Act. The recent consent order is some- 
thing that should have happened 2 years ago, if not earlier. I don’t 
understand why the OCC was not more vigilant on this front and 
why it took them so long to take these actions. 

I also understand that Rigg’s problems were initially discovered 
by the FBI, rather than the OCC, and that the irregularities in 
New Guinea were discovered by the bank itself and not the OCC. 
I don’t understand, in a risk-based supervisory system, why the 
OCC was not more closely monitoring Riggs and why these actions 
were not brought to light much sooner and appropriate action 
taken. 9/11 was a wake up call for the industry and should have 
been for all regulators as well. Our safety depends on banks and 
bank regulators to be on the front lines to prevent terrorists from 
using international financial systems to fund their activities. 

I am gravely concerned that the regulator has not made this re- 
sponsibility a higher priority, and their resources may be spread 
too thin to fulfill their obligations. I have previously expressed this 
concern about the OCC’s attempt to broaden their portfolio into 
areas the Congress has not authorized. And I think, in fact, the fi- 
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nancial services committee is on the record in agreeing with me on 
this point. 

One final point which I mentioned at our May 18 hearing, the 
OCC issued, its fine, late on a Thursday. On that Friday, a Mary- 
land woman called her Congressman. She was very concerned 
about her bank account at Riggs Bank. She was referred to the 
Banking Committee staff. And she said that she wanted to talk to 
the regulator. My staff supplied the phone number for the OCC’s 
Customer Assistance Group. But unfortunately, they don’t operate 
on Fridays. They only talk to consumers 4 days a week and then 
only from 9 to 4, so that woman had to wait from Thursday night 
till Monday before she could possibly reach someone at the OCC. 

I would like to know what consumers are supposed to do when 
the OCC is not operating its call center. I think this agency is not 
concerned about consumers, and I have to doubt its commitment to 
an anti-money laundering effort. 

Thank you again. Chairwoman Kelly, for calling this hearing, on 
this hearing, on this issue. 

Chairwoman Kelly. Thank you, Mr. Gutierrez. 

Ms. Maloney? Whoops. Mr. Moore? 

Mr. Moore. Madam Chairperson, I will simply welcome the wit- 
nesses here today. 

I want to listen and learn, and I appreciate your convening this 
hearing. 

Chairwoman Kelly. Thank you. 

Mr. Matheson? 

Mr. Matheson. I will just reiterate what Mr. Moore said. I am 
looking forward to the hearing. Thank you. Madam Chairwoman, 
for calling it. 

Chairwoman Kelly. Thank you. 

I am going to just simply say that, without all objection, all 
Members’ opening statements will be made part of the record. One 
of the reasons for this is that we have a very busy schedule right 
now, and we were going to, with unanimous consent, we will just 
make them all part of the record. 

Chairwoman Kelly. Now, I would like to introduce our panel. 
With us today are the representatives from the Office of the Comp- 
troller of Currency and the Federal Reserve Bank of New York. 

Our first witness, Mr. Daniel Stipano, was appointed deputy 
chief counsel of the OCC in December of 2000. He is also a member 
of the Treasury Department’s Bank Secrecy Act Advisory Group 
and the National Interagency Bank Fraud Working Group. Prior to 
this appointment, Mr. Stipano served as director of the OCC’s En- 
forcement and Compliance Division since 1995. 

Our second witness is Mr. Thomas C. Baxter, Jr., general counsel 
and executive vice president of the legal group at the Federal Re- 
serve Bank of New York. Mr. Baxter has assumed this role since 
1995 and also serves as its deputy general counsel of the Federal 
Open Market Committee. His principal responsibility is to super- 
vise the day-to-day operation of the New York Fed’s legal group. 
That is a big job. We thank you. 

And we thank you for being here. We thank you for your testi- 
mony today. And without objection, your written statements will be 
made part of the record. 
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If you have not testified before a committee before, you will be 
recognized for a 5-minute summary of your testimony. There are 
lights there that will come on the boxes. The green light means you 
have 5 minutes. The yellow light means, please sum up in 1 
minute, and the red light means, if you haven’t already summed 
up, please try to do that as quickly as possible. Thank you very 
much. 

And we will begin with you, Mr. Stipano. 

STATEMENT OF DANIEL P. STIPANO, DEPUTY CHIEF 
COUNSEL, OFFICE OF THE COMPTROLLER OF THE CURRENCY 

Mr. Stipano. Chairwoman Kelly, Ranking Member Gutierrez 
and members of the Subcommittee, I appreciate this opportunity to 
discuss the OCC’s supervision of Riggs Bank N.A. and particularly 
our efforts to bring Riggs into compliance with the Bank Secrecy 
Act. The OCC and FinCEN recently assessed a $25 million civil 
money penalty against Riggs for violations of the BSA. The OCC 
also took a separate cease and desist action to supplement the 
Order issued against the bank in July 2003. 

The OCC first identified deficiencies in Riggs procedures several 
years ago. Beginning in the late 1990s, we recognized the need for 
improved processes at Riggs and for improvements in the training 
in, and awareness of, the BSA’s requirements and in the controls 
over their BSA processes. Prior to 9/11, the OCC visited the bank 
at least once a year and sometimes more often to either examine 
or review the bank’s BSA compliance program. 

Over this time frame, OCC examiners consistently found that 
Riggs’ program was either satisfactory or generally adequate, 
meaning it met the minimum requirements of the BSA, but we 
nonetheless continued to find weaknesses and areas of its program 
that needed improvement. We addressed those weaknesses using 
various informal supervisory actions. 

After 9/11, the OCC escalated its supervisory efforts to bring 
Riggs’ compliance program to a level commensurate with the risks 
that were undertaken by the bank. In 2002, the OCC conducted a 
series of anti-terrorist financing reviews at our large or high-risk 
banks, including Riggs. As a result of these reviews and other in- 
ternal assessments, plus published reports of suspicious money 
transfers involving the Saudi Embassy accounts, our concerns re- 
garding Riggs’ anti-money laundering program were heightened. 
Thus we conducted another examination of Riggs in January 2003. 

The focus of that examination was on Riggs’ embassy banking 
business and, in particular, the Saudi Embassy accounts. The ex- 
amination lasted for approximately 5 months and involved agency 
experts in the BSA and anti-money laundering area. It disclosed 
serious BSA compliance program deficiencies that resulted in the 
bank’s failure to identify and report suspicious transactions occur- 
ring in the Saudi Embassy accounts. 

The finding from the January 2003 examination formed the basis 
for the July 2003 cease and desist order. 

Throughout this examination, there was regular contact with the 
EBI investigators. We provided the EBI with voluminous amounts 
of documents and information on the suspicious transactions, and 
we hosted a meeting with the EBI to discuss these documents and 
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findings. Throughout this process, we provided the FBI with exper- 
tise on hoth general banking matters and on some of the complex 
financial transactions that were identified. 

The OCC began its next examination of the bank’s BSA compli- 
ance in October 2003. The purpose of this examination was to as- 
sess compliance with the Order and the USA PATRIOT Act and to 
review accounts related to the Embassy of Equatorial Guinea. The 
examiners found that, as with the Saudi Embassy accounts, the 
bank lacked sufficient policies, procedures, systems and controls to 
identify suspicious transactions concerning the bank’s relationship 
with Equatorial Guinea. The findings from this examination as 
well as from previous examinations formed the basis for the OCC’s 
recent civil money penalty and cease and desist actions. 

In retrospect, as we review our BSA-compliance supervision of 
Riggs during this period, we should have been more aggressive in 
our insistence on remedial steps at an earlier time. We also should 
have done more extensive probing and transaction testing of the 
Embassy accounts. As described more fully in my written testi- 
mony, we have reevaluated our BSA supervision processes in light 
of this experience, and we will be implementing changes to improve 
how we conduct supervision in this area. 

While not to be minimized, the Riggs situation must be put in 
broader context. Unlike other financial institutions which have 
only recently become subject to compliance program and suspicious 
activity reporting requirements, banks have been under such re- 
quirements for years. Not surprisingly, banks are widely recognized 
as the leaders among the financial services industry in the anti- 
money laundering area. The role of the OCC and the other Federal 
banking agencies is not that of criminal investigators, but rather 
to ensure that the institutions we supervise have strong anti- 
money laundering programs in place. As a consequence of our su- 
pervision, most banks today have strong anti-money laundering 
programs, and many of the largest national banks have programs 
that are among the best in the world. 

In conclusion, the OCC is committed to preventing national 
banks from being used wittingly or unwittingly to engage in money 
laundering, terrorist financing or other illicit activities. We are 
ready to work with Congress, the other financial institutions regu- 
latory agencies, law enforcement and the banking industry to con- 
tinue to develop and implement a coordinated and comprehensive 
response to the threat posed to the Nation’s financial system by 
money laundering and terrorist financing. 

[The prepared statement of Daniel P. Stipano can be found on 
page 54 in the appendix.] 

Chairwoman !^LLY. Thank you very much. 

Mr. Baxter. 

STATEMENT OF THOMAS BAXTER, JR., GENERAL COUNSEL 
AND EXECUTIVE VICE PRESIDENT, FEDERAL RESERVE 
BANK OF NEW YORK, ACCOMPANIED BY KATHERINE 
WHEATLEY, ASSISTANT GENERAL COUNSEL, AND MICHAEL 
LAMBERT, FINANCIAL SERVICES CASH MANAGER 

Mr. Baxter. Chairwoman Kelly, Representative Gutierrez and 
Members of the subcommittee, my name is Thomas Baxter, and I 
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am the general counsel and executive vice president of the Federal 
Reserve Bank of New York. 

At the New York Fed, I have responsibility for the Legal Depart- 
ment, Security and the Court Secretary’s Office. With me today are 
two representatives of the Federal Reserve Board, Katherine 
Wheatley, assistant general counsel, and Michael Lambert, finan- 
cial services cash manager. 

Chairwoman Kelly. We welcome their presence. Thank you very 
much, Mr. Baxter. 

Mr. Baxter. We appreciate your invitation and are privileged to 
appear before you to discuss the Federal Reserve’s operation of the 
extended custodial inventory, or ECI program, and our responses 
to UBS’s misconduct in operating one of our ECI facilities. 

The U.S. dollar is the most desired form of money in the world. 
In many ways, our dollar represents the strength of the American 
economy. The dollar is so desired around the world because it is 
a stable, always-reliable medium of exchange and store of value. 
Today, I will be speaking about the Federal Reserve’s operation of 
the ECI program, and I should start by describing that program. 

In operation since 1996, when the Treasury, Secret Service and 
Federal Reserve collectively decided to launch it, the ECI program 
has been a great success. The program sustains the quality of the 
U.S. dollar b^anknote, helps to deter counterfeiting and provides an 
efficient and effective mechanism for the distribution of those notes 
in our largest market, the market outside of the United States. We 
estimate that up to two-thirds of our currency, or over $400 billion, 
circulates outside of the United States. 

The ECI program involves the use of financial institutions, main- 
ly commercial banks, that are highly active in the international 
currency distribution business as Federal Reserve contractors. 
These institutions agreed to extend the Federal Reserve’s reach 
into major financial centers of other countries and hold inventory 
of our most popular product, that is the Federal Reserve note. They 
do this by holding in custody for us in their vaults U.S. dollar notes 
that we expect to distribute abroad or old and unfit notes that we 
wish to repatriate. The, quote, “extended custodial inventory,” un- 
quote, facility, helps to assure the quality of our product and its ef- 
ficient distribution. 

With respect to quality, the ECI facility performs two important 
functions. First, it positions us to better monitor and control the 
quality of our product by identifying counterfeit notes. The ECIs 
are well situated to detect such notes, to remove them from circula- 
tion, to provide intelligence to law enforcement authorities, both 
here and abroad, and to distribute new authentic notes. They per- 
form similar functions with respect to what we at the Federal Re- 
serve call unfit notes, which is a cash-processing codeword for worn 
and dirty. 

As for the efficiency of our distribution network, through our ECI 
contract partners, we are positioned in high-volume, wholesale 
banknote markets. Currently, these markets are located in London, 
Frankfurt, Zurich, Hong Kong and Singapore. At the present time, 
we have ECI contracts with American Express Bank, Bank of 
America, HSBC Bank USA, the Royal Bank of Scotland and United 
Overseas Bank. Our ECI contractors bring into the markets they 
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serve new fit notes quickly, and with similar expedition, they repa- 
triate unfit or old-design notes to the United States for destruction. 

They have ready a substantial inventory of notes to satisfy the 
periodic spikes in supply and demand encountered in a world full 
of uncertainties. Because these notes are Federal Reserve property, 
the ECI contractors do not have to finance the inventory when it 
is not needed. This leads me to my first point. 

The experience that we have had with UBS does not change the 
fact that the ECI program is a success, nor should it detract from 
the importance of the program to the Federal Reserve, the Treas- 
ury, and the Secret Service. I hasten to add that I am in no way 
trying to minimize what UBS did. The breach by UBS of our con- 
tract was wrongful, and the concerted acts of deception by UBS 
carried out over a long period of time, violated our laws. 

The Federal Reserve terminated the contract with UBS in Octo- 
ber of 2003. And we assessed a $100 million civil money penalty 
against UBS on May 10, thereby remedying the breach and pun- 
ishing UBS’s deception. This leads to my second point, which looks 
at how we respond when someone doing our business performs 
badly. 

The prompt corrective action taken to terminate the Federal Re- 
serve’s contractual relationship with UBS and to punish deception 
by UBS with a large monetary penalty demonstrates a resolve that 
Federal Reserve operations will be conducted to the highest stand- 
ards and in full compliance with U.S. legal requirements. In this 
regard, it is noteworthy that our ECI contracts in essence export 
U.S. legal requirements, including OFAC restrictions, to offshore 
facilities. The U.S. sanctions regime generally cannot be applied 
extra-territorially. 

When the Federal Reserve learned that UBS breached its con- 
tractual obligations to abide by the restrictions of the U.S. sanc- 
tions program and engaged in U.S. dollar transactions with imper- 
missible jurisdictions, we acted swiftly and surely. We terminated 
our contract with UBS and debited UBS’s account with us for the 
entire inventory maintained in the Zurich vault. 

In a day, UBS lost an entire business line that had been profit- 
able throughout the 8 years that UBS served as an ECI contractor. 
The forfeiture of profitable business is a financial consequence. 
UBS also suffered a reputational injury. Through the related action 
of our colleagues at the Swiss Federal Banking Commission, UBS 
is forbidden from reentering the wholesale external banknote busi- 
ness without the permission of the commission. This leads to my 
third point. 

The Federal Reserve will not tolerate deception. We will not tol- 
erate deception from those banking organizations that we super- 
vise, and we will not tolerate deception from those with whom we 
contract to execute important Federal programs. The ECI program 
is one such program. To transact business out of the Zurich facility 
with Iran, Cuba, Libya, and Yugoslavia, as UBS did, UBS per- 
sonnel needed to act covertly and to hide their activity from the 
Federal Reserve. The people who engaged in such conduct in Swit- 
zerland have lost their jobs. The business franchise is no more. In 
the civil money penalty that we announced on May 10, UBS paid 
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a heavy price for the deceit of the banknote personnel which it for- 
mally employed. 

Turning for just a moment back to the ECI program, the imposed 
penalty gave our remaining ECI operators 100 million reasons to 
be truthful. And on top of all of that, the Swiss Federal Banking 
Commission issued a formal, public, quote, “reprimand,” unquote to 
the largest bank in Switzerland. The banknote personnel of UBS 
deceived people at the Banking Commission just as they deceived 
us. Our colleagues at the Banking Commission joined with us in 
finding such deception inexcusable and warranting that reprimand. 
This brings me to my fourth and my final point. 

At the Federal Reserve, we are dedicated to continuous improve- 
ment, and we know that all internal controls can be bolstered 
through the lessons of experience, including our own unfortunate 
experience in the UBS matter. That experience has shown that our 
primary control for compliance with the country restrictions in the 
contract, namely, truthful monthly reporting of currency trans- 
actions by country, was just not sufficient. With the country reports 
that we received from UBS, we did not follow the old audit admoni- 
tion, quote, “trust but verify,” unquote. Since February of this year, 
our ECI contracts have a number of new features that enhance the 
control environment and provide for the necessary verification. One 
is the requirement that management of our ECI contractors attest 
yearly on contract compliance and accurate reporting and that an 
independent public accounting firm certify to the Federal Reserve 
that the management attestation is fairly stated. This Sarbanes- 
Oxley inspired change shows our commitment to continuous im- 
provement. 

Another new feature is a 17-point procedural program that spells 
out the ECI contractor’s responsibilities for OF AC and anti-money 
laundering compliance. This program provides for OFAC risk-as- 
sessments, requires the implementation of ECI program internal 
controls, establishes operational responsibility for compliance and 
specifies internal and external audit requirements. Moreover, each 
ECI operators policies and procedures directed at OF AC’s compli- 
ance will be reviewed by a team of experts from both the New York 
Feds and OFAC. 

Let me conclude by summarizing my four points. The ECI pro- 
gram is important and successful because it fosters the excellent 
quality of U.S. currency, and it has efficient distribution outside 
the United States. When someone performs poorly in the ECI pro- 
gram, you can be assured that the Federal Reserve will respond 
with prompt force, full corrective action. If there is deception in ad- 
dition to poor performance, as was the case with UBS, the con- 
sequences will be severe. Finally, we will strive to continuously im- 
prove our internal controls and the ECI program by borrowing the 
best ideas and by learning lessons from our experiences. Thank you 
for your attention. And I look forward to answering any questions 
you may have. 

[The prepared statement of Thomas Baxter Jr. can be found on 
page 36 in the appendix.] 

Chairwoman I^LLY. Thank you Mr. Baxter. I am sure there will 
be questions. 
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I am going to turn to you, Mr. Stipano. I have seen news reports 
that indicate that your agency was aware of compliance problems 
at Riggs as far back as 1998, 1997 or 1999 and I see your testi- 
mony says late 1990s. When exactly, what month and year, did the 
OCC recognize problems and violations were occurring at Riggs? 

Mr. Stipano. Well, I can’t give you the month, but I can give you 
the year. As far back as 1997, we cited the bank for deficiencies 
in its Bank Secrecy Act compliance program. The types of defi- 
ciencies that were flagged at the time tended to have to do with 
the individual elements of a compliance program, in other words, 
with training, internal controls, testing, et cetera. Those defi- 
ciencies were somewhat technical in nature and were not really at 
a level that would normally require use of formal enforcement ac- 
tion to correct. 

Chairwoman Kelly. Is there — Mr. Stipano, I am going to ask 
you this again. 

Mr. Stipano. Okay. 

Chairwoman Kelly. I would like to know a month. If it was 
1997, what month? 

Mr. Stipano. I don’t have that information at my fingertips. We 
would be happy to provide it to you though. 

Chairwoman Kelly. I would appreciate if you will do that. 

[Subsequently Mr. Stipano advised Mrs. Kelly that the month was August of 
1997.] 

Mr. Stipano. We will do that. 

Chairwoman Kelly. I think that is important for us to know. 

Mr. Stipano. Understood. 

Chairwoman Kelly. The problems you just outlined, training, 
testing, internal controls, why did it take 6 years for the SAR re- 
ports, that problem not to come to light? Your agency knew that 
there were violations at Riggs. It took an unusual step in 2003 to 
put a full-time examiner on-site, but it wasn’t until 2004 that you 
took some action by assessing a fine. 

I think you would agree that eradicating terror financing is one 
of the most time-sensitive issues that has ever faced our financial 
regulatory system. I want to know why the agency dawdled before 
taking any real action if you knew about these problems. You knew 
about them 3 years before 9/11. But even after that wake-up call, 
it took another 2 years before you got a full-time examiner on site, 
and the violations were still continuing with your full-time exam- 
iner. 

I just — ^you know, I just — it boggles my mind. I am sure it prob- 
ably boggles yours. But I would like to know why the agency daw- 
dled in not taking any real action here. 

Mr. Stipano. I don’t know that I would characterize us as having 
dawdled. 

But I would agree that, with hindsight, there certainly were 
judgments that we made that turned out not to be the correct ones. 
Let me go back a little bit in time because I think it is useful to 
look at our supervision of Riggs, both pre-9/11 and post 9/11. Pre- 
9/11, we did many examinations of the bank focusing on the ade- 
quacy of their BSA compliance program, which is our charge. The 
bank had a program and was in compliance with the regulation. In 
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other words, the regulation requires that all banks have a program 
in place and that it cover four areas. The bank had that. But it 
didn’t perform on each of those elements as well as it needed to. 
There were deficiencies. The training needed to be better. The con- 
trols needed to be beefed up. What we did not know at that time 
were the types of substantive violations of the BSA that were dis- 
covered as a result of our examination in 2003. 

I think there are a couple of reasons for that. And I will be very 
up front with you. The first is that we trusted management too 
much to get the problems fixed. In the vast majority of cases where 
you have these types of violations, the examiners bring them to the 
attention of management and the board, and the problems get 
fixed. And that is usually the end of it. That didn’t happen at 
Riggs. There was an effort made to fix the problems, but the effort 
took a long time. It took longer than it should have, and we were 
willing to give management too much slack. 

The other error in judgment that was made during that time 
frame was that we under-estimated the risk in the Embassy ac- 
counts. Pre-9/11, embassy accounts were not viewed by the OCC or 
anyone else that I know of as high-risk accounts. The types of 
things that we were focusing on for in-depth examinations were 
foreign private banking, foreign correspondent, accounts, accounts 
with Russian entities, accounts with countries that are on the Fi- 
nancial Action Task Force list, but not embassy accounts. As it 
turned out, there was a lot of risk in those embassy accounts, but 
it did not come to light until after 9/11. 

Chairwoman Kelly. I am looking now at an OCC examination. 
It is entitled Bank Secrecy Act, the OCC Examination Coverage of 
Trust and Private Banking Services issued by the Office of Inspec- 
tor General, November 29, 2001. In there, there is a chart that lists 
your rate of coverage and testing high-risk transactions for foreign 
correspondent banking at 0 percent. In other words, in November 
of 2001, the IG’s report says you weren’t even looking at this stuff. 
And that’s November of 2001. You still weren’t looking at this. 
With unanimous consent, I am going to insert this into the record. 

[The following information can be found on page 74 in the appen- 
dix.] 

Chairwoman Kelly. But that, sir, begs the question about what 
those people were doing between 2001, November, and 2003, when 
you finally put somebody in the bank. I am not asking you a ques- 
tion. I am simply making a statement here that there had to be 
some knowledge somewhere, institutionally within the OCC I sus- 
pect, that would have brought to bear some more information gath- 
ering and better oversight on foreign transactions. 

What kind of an interaction did you have with bureaus like 
FinCEN and the Fed after the OCC became aware of the Riggs 
problems? When did the law enforcement get involved? And I 
would like to know what — it was a result of the investigation into 
the report of the financial link between the Saudi ambassador’s 
wife and the 9/11 hijackers. Was that what triggered this? What 
triggered this? 

Mr. Stipano. Maybe it would be useful for me to walk you 
through the chronology, post 9/11. You are absolutely correct; 9/11 
turned the world on its head, including our world in the regulatory 
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agencies. Our immediate response in the aftermath of 9/11 was to 
work with law enforcement to identify where the accounts of the 
9/11 hijackers were, as well as where the accounts of other individ- 
uals and entities that were linked with the hijackers were. 

A process was put into place 5 weeks after 9/11 whereby the FBI 
could provide us with the names of suspected terrorists and people 
who were linked to terrorism, and we would blast it out by e-mail 
to every one of our financial institutions, who would then be obli- 
gated to report back and identify the account. So that was some- 
thing we did immediately after 9/11. 

Another major initiative at that point was to implement the PA- 
TRIOT Act, which was passed a few weeks after 9/11. It put some 
requirements in place very quickly. But very little of that statute 
was self-effectuating. It required that regulations be written. So we 
worked on various work teams with the Treasury Department and 
the other Federal financial institutions regulators to write regs to 
implement the PATRIOT Act. 

Another step that had to be taken was to write new exam proce- 
dures. Pre-9/11, our focus in this area was on money laundering. 
Post-9/11, now we are looking at something relatively new, ter- 
rorist financing. So we needed new exam procedures. These were 
all things that were done in the immediate month after 9/11. 

In the summer of 2002, we embarked on a series of anti-terrorist 
financing reviews at most of our large banks and our other high- 
risk banks, including Riggs. The purpose of those reviews was to, 
determine the extent of compliance with the PATRIOT Act require- 
ments that were in place as of that time, and to see what the 
banks were doing to deter and prevent terrorist financing. And to 
the extent that we discerned weaknesses, we would then follow up 
with a more full-scope exam. 

Riggs was, as I said, part of that group that was examined with 
these anti-terrorist-finance exams. And it disclosed weaknesses. So 
that was part of our impetus for doing the January of 2003 exam. 

Now, in the meantime, that fall, there were published accounts 
of Riggs accounts related to the Saudi Embassy that may have 
been used to funnel information to people associated with the hi- 
jackers. Obviously, became aware of that and that caused us to 
focus with particularity on the Saudi Embassy accounts. Up to that 
point, other than the normal types of supervisory interactions that 
we would have with the Fed on any bank that has a holding com- 
pany, there was not extensive contact with other agencies. There 
was not with FinCEN, and to my knowledge, there was not with 
the EBI. 

Once that examination began, that all changed. The exam we did 
in January of 2003 involved some of our best agency experts. It 
went on for 5 months. It was an intensive drill-down type of look 
at the Saudi accounts, and it discovered all kinds of problems, 
mainly a lack of sufficient know-your-customer documentation and 
a failure to file suspicious activity reports in noncompliance with 
the BSA. 

This information was provided to the FBI. We had many meet- 
ings with the FBI. I shared a lot of information with them, and at 
the conclusion of the examination, we made a referral to FinCEN 
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for the assessment of civil money penalties under the Bank Secrecy 
Act. 

Chairwoman Kelly. Okay. I think that we can talk about that 
further because it brings questions in my mind about when you say 
that there was no contact between your agency, FinCEN, FBI and 
the Treasury prior to this. It just — I hope that that has changed. 

Mr. Stipano. But at that point, there really wouldn’t have been 
a reason to. I mean, we would normally make a referral to FinCEN 
under guidelines that FinCEN and the banking agencies agreed to 
many years ago. Prior to that January 2003 exam, systemic BSA 
violations had not been discovered, so there would not have been 
a basis for a referral to FinCEN. And we were unaware of any 
criminal violations that would have necessitated a contact with the 
FBI. 

Chairwoman Kelly. Well, in 1997, there were some areas of con- 
cern. And it didn’t improve, and it continued to not improve. I 
think we should — I think we should maybe get into another dia- 
logue about this, and I will have some further follow-up questions 
on it as I think. 

But the report that was — a report that was issued by the Treas- 
ury Inspector General found that you really lacked, as I pointed 
out, sufficient testing of the high risk transactions that were com- 
monly associated with money laundering or lacked review and eval- 
uation of critical BSA reports that banks are required to file. Now, 
that is — I am quoting from the inspector general’s report that I put 
into the record. Specifically, examiners did not test wire transfers, 
transactions with foreign correspondent banks, currency trans- 
action reports or suspicious activity reports. In fact, when they 
looked at that, you had a 0 percent score. 

The report concluded that the OCC should ensure that examiners 
complete transactional testing of high-risk BSA areas, and this was 
November 2001. And it notes that the OCC management concurred 
with that recommendation. So the management, the OCC knew in 
2001 that there were shortcomings there. And, you know, if you — 
the OCC scored 0 percent in high-risk areas. You wonder then, 
there are some other things on that chart. You wonder about some 
of these other areas. And if you thought you were performing at a 
certain standard, you think that you maybe now might be over- 
stating your ability to handle the issues? I was adding up this — 
your testimony, the number of people who worked for the OCC. 
You have taken on a lot. And I am wondering if you are overstating 
your ability to handle the issues. 

In the Riggs case, that bank is located just a couple miles from 
its own regulator, the OCC, in a high-threat area with the largest 
embassy banking clientele. You begin to wonder how many warn- 
ing signs it takes, how many IG reports it takes. And you begin to 
wonder that — how can the American people have any confidence to 
handle this financial oversight? You know, banking regulators have 
had every warning and every opportunity, and I am not so sure we 
can win any longer. 

On a scale of 1 to 10, how would you rate banking regulators’ 
ability to oversee the BSA compliance right now? 

Mr. Stipano. 9. This is not a new area for us. Chairwoman Kelly. 
This is something that we have been doing for decades. And I am 
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not saying that we are perfect and that — I am not saying that the 
supervision that we did in Riggs was perfect. But our job is to en- 
sure that banks have strong anti-money laundering programs, and 
banks have been under that requirement for 17 years. 

The OCC has been very aggressive and vigorous in this area. For 
example, since 1998, we have taken 78 formal enforcement actions 
against banks and their institution-affiliated parties that were 
based in whole or in part on violations of the Bank Secrecy Act. 
Some of those cases are among the most significant money-laun- 
dering cases that the United States Government has ever brought, 
and the OCC played a key role in those cases. 

As a consequence of our vigilance in this area, most banks have 
excellent BSA compliance programs, and some of the largest na- 
tional banks have programs that are among the best in the world. 
They are the model that nonbanking financial institutions are try- 
ing to achieve. 

And, frankly, I think the real area of concern and one of the best 
things that the PATRIOT Act did was it extended the types of re- 
quirements that banks are under, like the compliance program re- 
quirement and the SAR filing requirement, to a whole host of in- 
dustries that previously had not been subject to those require- 
ments: money transmitters, pawn brokers, broker-dealers, et 
cetera. And the task now is to get those industries up to the level 
where the banks are. 

Chairwoman Kelly. Finally, I look inside here, and you say you 
have nearly 17,000 examiners in the field. It seems to me that 
what happened with Riggs may not be an isolated case. I think 
that there may be difficulty in communications with other agencies. 
I think that maybe it might be time, for the sake of the American 
people’s trust in our financial system, to let the agency egos be put 
aside and start recommitting to working together so that you can 
share information. 

I am very concerned that information has not and may still not 
be shared between agencies. The problem is, one, when a regulator 
goes in and begins to look at the things they are charged to look 
at, they get very involved in the paper work, the appropriate forms 
filled out, the appropriate forms filed and the appropriate filing 
cabinets. It does us no good, in terms of bank regulation and en- 
forcement, to have everything go into a filing cabinet and not be 
enforced. And I am very concerned that we maybe think about not 
only civil but criminal enforcement and possibly think about ensur- 
ing that compliance is assisted by a criminal enforcement program 
within the Treasury. 

Do you think it would have made a difference last year, if 
Riggs — when Riggs was kind of shamelessly flaunting all your reg- 
ulations in your face — if someone had been able to pick up in 
Treasury, at that moment, and had criminal enforcement powers 
for the BSA? I mean, right now, the IRS is the only one that has 
that power. Wouldn’t it be helpful that maybe we have criminal en- 
forcement capability with people who are familiar with the controls 
and the systems of the financial institutions to put it all together? 

When your reports come in and say, wait a minute, this is a red 
flag, something needs to happen. What do you think about that? 
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Mr. Stipano. I think it would be very, very difficult for another 
agency or group of agencies to duplicate or improve on the job that 
the banking agencies do when it comes to assessing the adequacy 
of a BSA compliance program for a couple of reasons. One is that 
we have at our disposal thousands of bank examiners who are 
skilled experts at doing this, and that would not be true with an- 
other agency. And the type of work that is involved, assessing con- 
trols, assessing training, testing, is within the particularized skill 
sets of most bank examiners. So handing that function to another 
agency, in my view, would be a step backward and would not im- 
prove compliance in the anti-money laundering area. 

That said, I agree with you that there is room for improvement 
when it comes to coordination among Government agencies and in- 
formation-sharing. One area where I think that the Government is 
lacking is that information-sharing often is a one-way street from 
the banks and from the banking agencies to criminal law enforce- 
ment. There has been improvement since the PATRIOT Act. The 
process that I described to you previously, of sending out the con- 
trol list, has now been codified under Section 314 of the PATRIOT 
Act. That is a significant development that has made it much easi- 
er for law enforcement to target accounts of potential terrorists. 
But that is relatively new. 

What I think would help the banking agencies probably more 
than anything would be for the Treasury Department and FinCEN 
in particular to better utilize the data that they have to provide us 
with analytical reports that would allow us to be better at identi- 
fying the risks and concentrating our resources on the high-risk 
banks and the areas within the banks that pose the greatest degree 
of risk. That is something that I understand is a very high priority 
with FinCEN presently and something that they hope to accom- 
plish. 

Chairwoman Kelly. Well, right now, FinCEN doesn’t have the 
ability to enforce anything. They are collecting. And they are col- 
lecting information. Streamlining and centralizing. 

I heard you talk about streamlining, but I think also maybe we 
need to think about centralizing information so that it can be ap- 
propriately examined with one oversight and be responded to, so 
we don’t have another instance where it has taken since 1997 be- 
fore people throw up their hands and said, “Oh my goodness, there 
is something happening here.” that is — streamlining and central- 
izing might be good. It is not necessarily always one of the things 
that we do with the Federal Government, but in this instance, it 
might be a good thing. So maybe we can talk about that also. 

Mr. Stipano. I just want to be clear on this point though because 
our view is that, while errors in judgment were made on Riggs, 
Riggs was an anomaly and the system as a whole presently func- 
tions very well. It can be improved, and we hope to improve it. And 
the way to improve it is through better coordination among agen- 
cies and increased information-sharing. The solution, in our view, 
is not to junk the present system and replace it with something 
else, because I don’t believe that you will replace it with a system 
that is better than the one you have right now. 

Chairwoman Kelly. Well, Mr. Stipano, I am not interested in 
junking the present system, but I am interested in making sure 
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that we don’t walk out of here this afternoon and find that, on the 
front pages of the newspapers tomorrow morning, there is another 
Riggs situation. 

I think it is very important that we look at how the examinations 
are being done, how information is being collected, how it can be 
better collected in a place so that it can be reacted to by the people 
who have the enforcement capability. And if there is not an appro- 
priate enforcement capability at the agency in charge, which in this 
case is the Treasury, then the Treasury probably should have that 
enforcement capability. And it may be something that we want to 
think about. 

It is just — I am just throwing this out here, because I think it 
is clear there was a break down in the system. And when that hap- 
pens, we need — it is right and appropriate for us to take a look at 
how to better that system so that doesn’t happen again. 

Mr. Baxter, I would like to ask you a couple of questions. There 
are indications that the Fed saw hints of OFAC related problems 
at UBS early in the ECI program and had some conversations with 
the bank. Please tell us if those concerns were ever communicated 
to OFAC. Also, please tell us why there was not much more strin- 
gent attention to the problem if there was even a hint of OF AC- 
related problems. 

Mr. Baxter. Chairwoman Kelly, first, with respect to whether we 
had an early warning of a problem at UBS involving OFAC, the an- 
swer is no. 

In 1998, following the merger between UBS and Swiss Bank Cor- 
poration, Federal Reserve officers felt it was appropriate to remind 
the UBS management that came in at the time of the responsibil- 
ities for OFAC compliance under the contract. But that was trig- 
gered not by concern that there was a compliance failure. It was 
a concern about management change that attended the merger of 
Swiss Bank Corp and UBS. 

With respect to notification to the office of foreign assets control, 
we first learned of an OFAC problem on June 25 of 2003 when an 
officer who was visiting the Zurich facility learned that there had 
been transactions of cash with Iran, which of course was not per- 
mitted under the contract in early July. All of that information was 
communicated to our colleagues at OFAC, and I should emphasize 
that we communicated the information that we had at the time, in- 
formation that was not correct in several different respects, but the 
information was timely communicated by the Federal Reserve to 
OFAC as soon as we learned that we had a problem. 

Chairwoman Kelly. Did the Fed send correspondence after the 
UBS merger to warn them of interaction with OF AC-listed coun- 
tries? 

Mr. Baxter. I wouldn’t characterize it as a warning. I would 
characterize it as a reminder, and the concern was specifically gen- 
erated by the fact that anytime there is a merger, particularly a 
merger of the dimension of the UBS-Swiss Bancorp that with man- 
agement change come new people, and the new people might not 
be mindful of the special contractual requirements that we ex- 
ported through our contract to Switzerland. And in Switzerland 
there were no prohibitions on transactions by Swiss banks with 
Cuba, with Iran; there were restrictions with Libya and Yugo- 
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slavia. So it was appropriate for us to remind periodically not only 
UBS, but other ECI operators that there were special restrictions 
exported from the United States by contract. 

Chairwoman Kelly. I just turned to Mr. Gutierrez, because ear- 
lier in his opening statement he talked about whether or not the 
ECI should be with American-owned banks only. 

Why wouldn’t some aggressive steps, having been taken in 1996, 
make certain that ECIs around the world were operated by U.S. 
banks? Why wouldn’t they, by definition, have to observe the OF AC 
sanctions? Is there some reason why that didn’t happen? 

Mr. Baxter. First, with respect to the point about U.S. institu- 
tions — and it is a very good point because, as U.S. persons, 
branches abroad of U.S. banking organizations are subject to OF AC 
requirements, so they would not need to be reminded or they would 
not need to be required in a contract. But there are also specific 
reasons why the Federal Reserve looks to foreign institutions in 
certain locations. And let me give you a case in point, and the case 
in point happens to be UBS. 

At the time we started our ECI program, we were particularly 
concerned about replacing a $100 note with a new note, and one 
of the places that the old $100 note was very, very popular was in 
the former Soviet Union. At that point in time, there was an Amer- 
ican bank called Republic National Bank that was serving the 
former Soviet Union. That American bank decided that it was no 
longer interested in the Russian business. And so we were in the 
position of wanting to reach into Russia to deal with the replace- 
ment of the $100 note, and we needed to find an ECI contractor 
who could do that. 

UBS was the contractor who stepped forward. So in that par- 
ticular case, we looked to a foreign institution to fill in for a tJ.S. 
institution that no longer exists, but at the time it was with- 
drawing voluntarily from that particular business, business that 
the Federal Reserve, the Treasury, and the Secret Service and the 
American ambassador at the time felt was very important to pay 
attention to with respect to the replacement of that $100 note. 

So there are reasons that we look to particular foreign institu- 
tions to extend our reach into certain jurisdictions, like Zurich back 
in 1996, like Singapore with respect to United Overseas Bank; and 
those are reasons to look to foreign institutions to service us. And 
what we do with the foreign institutions is, we basically apply 
through the contract the OF AC restrictions. 

Chairwoman Kelly. Thank you. 

Mr. Gutierrez. 

Mr. Gutierrez. Thank you very much. Welcome to you all and 
thank you for your testimony. I want to go back to Mr. Stipano. 

The chairwoman and you, through her questions, spoke a little 
bit about the Riggs situation in 1998 and 1999. Now, I will put 
words in your mouth, so you can correct anything that you said, 
that one of the reasons was that your auditors believed what was 
being said by the answers that were given by Riggs employees back 
to your regulators and auditors; is that what you said? 

Mr. Stipano. I don’t know if I would characterize it exactly that 
way. 
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Mr. Gutierrez. Why don’t you recharacterize it, because I want 
to know exactly what happened. 

Chairwoman Kelly said, well, what happened, you were there for 
1 year, 2 years, 3 years; and you said, well, one of the reasons 
was — I understood that they lied to you. And you kind of phrased 
it a little nicer and said, they didn’t quite — we kind of believed 
them. 

Mr. Stipano. I wouldn’t say that they lied to us, but I think that 
what was going on in that pre-9/11 period was that our examiners 
were finding deficiencies with the bank’s BSA compliance program 
at every exam. They weren’t the kinds of deficiencies that were 
flagged in the 2003 exam where we looked in depth at the Saudi 
Emb^assy accounts, but there were problems, and we brought these 
problems to the attention of bank management and the board. 
They were discussed during the exams. They were written up in 
the exam reports, and we secured what we believed was a commit- 
ment from bank management to fix them. 

What would happen is really what I would term more accurately 
as “foot dragging.” The changes that we wanted to have made were 
made, but they were made slowly. There was not a real responsive- 
ness. And looking back at this with hindsight, I think that 

Mr. Gutierrez. You trusted them. 

Mr. Stipano. We trusted them. And in hindsight, we shouldn’t 
have done it. 

Mr. Gutierrez. I guess we finally found a word to describe why 
it might have taken the OCC as long, because you trusted them. 
But it seemed to me that an organization such as yours, which is 
safety and soundness and is the regulator, there shouldn’t be issues 
of trust. I mean, you know, was it trust but verify? And I don’t 
think you were verifying, because similar things popped up later 
on. 

It should have been caught earlier. And just so that we don’t 
think it is the chairwoman and I who have decided, because they 
sent you down here — they usually send one of the counsels down 
here. Mr. Hawke is good at doing that, but he acknowledged, and 
these are his words in the New York Times, he says “We should 
have gotten tougher earlier, and I don’t make any excuses for it. 
It’s a fair criticism of our supervision of Riggs that we let things 
go on too long.” 

So when you describe a situation, which is a 9, in which Mr. 
Hawke, who I would characterize as a very self-assured person — 
I wouldn’t say arrogant, but self-assured person, doesn’t take much 
from anybody, right, tough — says, we took too long and which his 
deputy counsel, yourself, said, we trusted them too much, I think 
you can start wondering. 

I mean, if the FBI came and said, yeah, we talked to the terror- 
ists, but we trusted them and so the buildings came down, I think 
people might think it wasn’t a 9-out-of-ten system that was work- 
ing there. I mean, just understand that from our point of view 
that — just we trusted them, they took too long, there was foot drag- 
ging. You are the boss. I mean, when a regulator sends down bank 
examiners, I want them to shake up that bank. I want them to go 
all the way up the chain of command and say, we have a problem 
and we have to clean it up or — I think you know what the problem 
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is, Mr. Stipano, it is always the “or.” Maybe they take the risk of 
getting caught and the fines and the penalties, which was one of 
my earlier questions. 

We have to think of new fines and new penalties. I mean, this 
is like risk: What is my risk as a financial institution if I foot drag? 
What is the most that the OCC — maybe we need tougher penalties, 
and we have been doing some of that. 

So it just seems to me that to say we trusted them, especially 
in this new age after we passed the PATRIOT Act, you can’t trust 
anybody anymore. We can’t trust the Riggs. We can’t trust UBS. 

I am sure the folks at the Federal Reserve Bank trusted them. 
They said, what a great company, they are really going to come on 
and do this job. And we can’t do that. We need to monitor them, 
don’t you think? 

So 9 out of ten, I don’t think in this particular case to say that 
this is just one. l^ich are the other cases in which you are trust- 
ing people today that tomorrow we are going to find out that that 
trust was ill conceived? 

Mr. Stipano. First of all, I always agree with Mr. Hawke. So I’d 
like to get that on the record. 

Mr. Gutierrez. I don’t, and in that, we don’t share a common 
opinion. 

Mr. Stipano. Secondly, while I would characterize our overall ef- 
forts in this area as a 9, I certainly would not characterize our ef- 
forts with respect to Riggs as a 9. We made errors in judgment, 
and I think they are obvious and we have discussed them. But I 
don’t think that Riggs is emblematic of our supervision broadly in 
any area and certainly not in the BSA area. 

Mr. Gutierrez. Let me ask you a question. Do you still trust 
people? Do you still send your bank auditors out and say, we trust 
them, and walk away? 

Mr. Stipano. I believe you have to trust but verify. 

Mr. Gutierrez. Okay. Well, I would like to know what kind of 
things you are doing differently, given that Riggs started in 1997, 
1998, 1999, and finally, voila, this year we got a fine. So that is 
a long time, as we sit here, to watch an institution such as yours, 
that wants to expand. 

Now you are sending out preemption notices to the States saying, 
not only do we want to do all the great things we did while Riggs 
was doing all of these nefarious things, we want to expand our au- 
thority; but we don’t want to actually charge any more fees to our 
customers, the banks, in order to hire more employees in order to 
expand that authority. 

So I see an institution that walks up here and says, we are doing 
everything fine, we are doing everything so great — this is Mr. 
Hawke, of course, not yourself — doing everything so great and now 
we want to preempt attorneys general and bank regulators and 
other people at the State level from issues and consumer com- 
plaints, that you want to now preempt stateside. 

So I think you get my worry. 

Let me just say that I read your testimony, and it was like on 
page 19 on the top that says “The examiners found that, as with 
the Saudi Embassy accounts, the bank lacked sufficient policies. 
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procedures and controls to identify suspicious transactions con- 
cerning the bank’s relationship.” 

You found out about those irregularities at the Equatorial Bank, 
or did the Riggs people tell you about them or the FBI tell you 
about them? Because as I read that, it kind of sounds like, voila, 
our examiners found out about it. Did your examiners find out 
about it as I was led to believe when I first read that paragraph 
or did others bring it to your attention? 

Mr. Stipano. Let me give you an answer to that question. First 
of all, I don’t think the sentence says that we found problems in 
the Equatorial Guinea accounts. 

Mr. Gutierrez. It says “The examiners found that, as with the 
Saudi Embassy accounts, the bank lacked sufficient policies, proce- 
dures and controls,” “the examiners found.” 

Mr. Stipano. Right. 

Mr. Gutierrez. Did the FBI or Riggs find it? 

Mr. Stipano. No. The examiners found that, just like with the 
Saudi accounts, the bank did not have policies and procedures with 
respect to Equatorial Guinea. What happened with Equatorial 
Guinea was that this was actually something that was going to be 
looked at during the January 2003 examination. There were pub- 
lished accounts of problems 

Mr. Gutierrez. I just read it and I just want to see. So if you 
can only find something once between the OCC, the FBI — what 
agency, who brought it to public attention first? Did the bank ex- 
aminers show up and say, voila, we found this or did Riggs say it? 

Mr. Stipano. The examiners did not find the problems at Equa- 
torial Guinea. 

Mr. Gutierrez. That’s what I am trying to say. So then, in other 
words, when I read your testimony and when I first read it, I said, 
hey, look, the examiners did a great job. They found this. 

Actually, they didn’t find it. 

Mr. Stipano. Congressman, with all due respect, I don’t believe 
that is what that sentence says. The sentence says that they didn’t 
find adequate policies and procedures with respect to those ac- 
counts, just as they didn’t find adequate policies and 

Mr. Gutierrez. But really Riggs is the one that brought this to 
the attention of the OCC about the lack of procedures? 

Mr. Stipano. Not exactly. 

Mr. Gutierrez. Fine. It is all right. What is, is. It will come up 
again 

Mr. Stipano. Can I just finish the answer? 

At the conclusion of the 2003 examination, we told the bank that 
the next time we are in there, this was going to be an area that 
we were going to look at. So the bank was on notice that this was 
priority and, frankly, that was one of the problems. And the reason 
for such a big sum of money penalty was that despite having been 
put on notice, they still did not clean up those accounts. 

Mr. Gutierrez. All right. Let me just say that when your boss, 
Mr. Hawke, says nonsense about what banks are going to do, and 
I hear you give yourself a 9 out of 10, and I think that I with my 
staff kind of set the tone. So if I am out there saying that Congress, 
even though there has been a vote of the Banking Committee say- 
ing basically, the OCC is wrong, this committee has voted — and we 
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are kind of elected, the last time I checked. At least with everybody 
else there was no dispute in their election by the people. 

When he says, nonsense, and this committee says to Mr. Hawke, 
let’s sit down, which we have done on a number of occasions, and 
let’s sit down with bank regulators and let’s sit down with attor- 
neys general and let’s sit down with this committee and let’s try 
to resolve our differences after this committee has taken a vote — 
not the Congress, but this committee has taken a vote — saying we 
think you have exceeded your authority and he says, no, nonsense, 
everything is fine, I guess that can, I believe, create a sense of ar- 
rogance within the institution when the boss basically says to Con- 
gress, after it has taken a vote in the committee, and uses those 
kinds of words when we believe we have a concern — and not only 
we, but a lot of other people think that there is concern. 

Let me just ask you that when consumers now call you folks up, 
have a consumer complaint, am I right that those phones only op- 
erate Monday through Thursday from 9:00 to 4:00? 

Mr. Stipano. Congressman Gutierrez, I have to confess here. I 
am not the expert on our Customer Assistance Group. 

Mr. Gutierrez. We called on a Friday, and it said it was closed. 
So you won’t dispute that? 

Mr. Stipano. I don’t know whether it is or not. 

Mr. Gutierrez. Let me just tell you, we tried it, and it said 9:00 
to 4:00 Monday through Thursday. 

I was a former city council member back in Chicago, and I loved 
that job a lot, and one of the things that kept us very close was 
that if your cable didn’t come on because the city council would au- 
thorize who got the cable license, people would call me up and say, 
I called the cable company and they won’t fix it; and if I told them 
that I was allowing the cable company, which I had voted, as the 
city council, to only open up their offices from Monday through 
Thursday from 9:00 to 4:00, I don’t know how long I would have 
stayed in the city council. 

I think if people call up the gas company in Chicago or Common- 
wealth Edison that has the franchise to serve electricity, and they 
were only going to open from 9:00 to 4:00, as a matter of fact, if 
I decided that my city council office or my congressional office to- 
morrow was only going to operate from 9:00 to 4:00 Monday 
through Thursday, I think you would agree with me that I would 
have a problem in doing that. 

And I think that you should understand that you have a problem 
and that when people complain to us that their complaint is well 
grounded, that government should work Monday through Friday 
9:00 to 4:00 — maybe that is not an 8-hour day — and that if you 
need more help, since you want to expand your authority and pre- 
empt the States, that maybe you should say. Congress, we don’t 
agree with you, but we are going to open Monday through Friday. 

Does it sound legitimate to you as the deputy counsel that you 
should operate Monday through Friday? 

Mr. Stipano. I do not deal with the Customer Assistance Group. 
I am open Monday through Friday, and I don’t leave at 4:00. And 
I get calls from people all the time. In fact, usually if there is a 
problem in the BSA area, the call ultimately comes to me. I am not 
suggesting that I want to function as a shadow Customer Assist- 
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ance Group, but there are other people in the agency that can take 
calls 

Mr. Gutierrez. But the rest of the agency functions Monday 
through Friday, right? 

Mr. Stipano. The agency functions Monday through Friday. 

Mr. Gutierrez. I suggest that all parts of the agency should 
function Monday through Friday, and I think we can probably give 
a lot of different examples about what would be wrong with not 
functioning Monday through Friday. It seems to me that that is the 
work week and that the financial institutions are open and people 
have problems; and it is wrong for agencies such as yours to want 
to preempt States and then say, we are only going to open our of- 
fices from Monday through Thursday from 9:00 to 4:00. It should 
be a better operation so that the public, which I have a concern 
about, is well served so that we are not getting messages that say 
we don’t have to deal with you. Attorney General, the OCC says 
that has been preempted; let’s call their offices, only to find your 
offices aren’t open. 

Because you want to know something. My State bank regulators 
in Illinois are open Monday through Friday. The attorney general 
of the State of Illinois is open Monday through Friday. And across 
this country I have yet to find a State bank regulator or attorney 
general, which your agency wishes to preempt, that is not open 
Monday through Friday. So I would expect that if you want to take 
over the responsibilities of those State agencies that at least you 
afford the public the same customer service that is currently being 
afforded them by attorneys general and State bank examiners, that 
we don’t reduce the quality of service to the American people which 
you and I have made a vocation to carry out. I guess that is our 
point. 

I have other questions, and we will submit them for the record. 
Thank you very much. Madam Chairman. 

Chairwoman Kelly. Okay. Thank you. 

Mrs. Maloney. 

Mrs. Maloney. Thank you. Madam Chair, for your hard work on 
this, and Ranking Member Gutierrez. 

Welcome, Chief Counsel Stipano and General Counsel Baxter. I 
request that my opening statement be put in the record. I really 
would like to ask Mr. Stipano what aspects of the PATRIOT Act 
could help avert a repeat of the Riggs problem. 

Mr. Stipano. I think that there are provisions in the PATRIOT 
Act that are helpful and will be helpful going forward. But I think 
that the problems 

Mrs. Maloney. Specifically, which ones would be helpful going 
forward? 

Mr. Stipano. I think that, first of all, section 312, which is the 
provision that requires due diligence and enhanced due diligence 
procedures for foreign private banking and correspondent accounts, 
that would be something that would be helpful because even 
though the Saudi Embassy accounts were not technically private 
banking accounts, in some ways they were operated like they were 
private banking accounts. 

There is an interim final rule in place implementing section 312. 
My understanding is that the Treasury Department will soon be 
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issuing a final regulation which will codify this requirement, and 
I think 

Mrs. Maloney. Why is it taking so long? We passed the PA- 
TRIOT Act and the anti-money laundering provisions almost 3 
years ago. And we still haven’t put the rule in place? I mean this 
is really outrageous. 

Mr. Stipano. We have all the other ones in place. I am not a 
spokesman for the Treasury Department, though. The Treasury 
Department has the pen on this particular regulation, and it is the 
Treasury Department that has to issue the rule. So mayhe this is 
a question for your hearing next week. I don’t really know the an- 
swer to that. 

Mrs. Maloney. Well, then when you were looking at Riggs, 
under what standard did you examine Riggs regarding the due dili- 
gence and the opening of accounts with the diplomatic community? 
Were you using the standard before 312 or the intent of 312, sec- 
tion 312? 

Mr. Stipano. We have a requirement that all banks have a com- 
pliance program, and among the things that are required as part 
of a compliance program are satisfactory internal controls. That 
would include due diligence procedures for all accounts and en- 
hanced due diligence procedures for high-risk accounts. 

The embassy accounts — at least the Saudi Embassy account is a 
high-risk account; and what the bank should have done was, first 
of all, they should have had better systems in place so that they 
knew the number of accounts that they had. Secondly, they needed 
to have better information on how those accounts would be used, 
what the sources of funds would be, where the funds would go. 

Mrs. Maloney. But when you knew about this in 1998 and 
1999 — it was well known to the OCC that they were not in compli- 
ance with the Bank Secrecy Act at Riggs — did you go to them and 
suggest that they have standards and procedures and due dili- 
gence, and then go back and just make sure they got the job done? 
I mean, this is serious stuff right now. 

Every time I pick up the paper. New York, where I live, is Code 
Red, at least Code Orange. They are announcing terrorist attacks 
any day now, and we all know you can’t attack without money. So 
if you crack down on the shipment of money, we can crack down 
on the ability of terrorists to act. 

I mean, this is extremely serious and not to put the regs in place 
or even to have followed them or to have gone back — you talk about 
all the people you have in the field. What about who you have in 
Washington? You don’t even have to leave the office. You are right 
here in Washington with Riggs. You can walk across the street and 
see them, practically. 

And we knew, since 1998, they had problems with these high- 
risk accounts, and yet we didn’t come in and crack down on it 
more. I mean, I find it quite frankly scandalous. 

Mr. Stipano. I couldn’t agree with you more as to the serious- 
ness of this matter, but what we knew in 1998 was very different 
from what we knew in 2003; and in 1998 what our examinations 
revealed were deficiencies in the compliance program, not whole- 
sale violations of the Bank Secrecy Act. It was a much less grave 
type of violation. 
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They were brought to the attention of management. They were 
written up in the exam report. Commitments to fix the problems 
were obtained. But as I testified earlier, bank management did not 
follow through on these changes as quickly as they needed to, and 
hence, there were repeat violations. 

There is no question, looking back at it with hindsight, we should 
have been more forceful with that bank at that point and not wait- 
ed until 2003 to take a formal enforcement action. 

Mrs. Maloney. What does your enforcement action mean? Will 
they be fined? What is going to happen? 

Mr. Stipano. There actually are three actions that the OCC has 
taken. The first one was in July of last year, and that was a cease 
and desist order. It is a public enforcement document. It is about 
20 pages long. It requires the bank basically to take steps to im- 
prove its anti-money laundering program. 

That cease and desist order was supplemented by a second cease 
and desist order that was issued a few weeks ago and 

Mrs. Maloney. What I don’t understand is, why didn’t you issue 
a cease and desist order the minute that the FBI alerted you to the 
problems at Riggs? It almost makes it sound as if the OCC doesn’t 
take the Banking Secrecy Act issue seriously. 

Is it a priority at the OCC, the BSA? 

Mr. Stipano. It absolutely is a priority. We were not alerted by 
the FBI. We found escalating problems with the bank’s program 
through our exam process and because of published reports about 
connections between the Saudi accounts and the hijackers. That 
triggered this very extensive examination that we did last year 
which formed the basis for our subsequent enforcement actions. 

Mrs. Maloney. But you say that the BSA issues are a high pri- 
ority of the OCC, but I am told that they are not even part of the 
National Bank Examiners Handbook, that most of the regulations 
that were issued in 2002 aren’t even part of the examiners hand- 
book. Now is that true 

Mr. Stipano. No, that is not true. The 

Mrs. Maloney. — that it is not fully updated? That the handbook 
is not fully updated? 

Mr. Stipano. We are in the process of updating it, and there 
should be a revised version out shortly, but 

Mrs. Maloney. Why didn’t you update it the minute that we 
passed the PATRIOT Act? This is serious business. 

I can’t tell you how quickly New York reacted in a thousand 
ways. We totally rebuilt the command center that was destroyed, 
within 19 hours, completely rebuilt it, and I can’t believe you can’t 
get the handbook updated with the information that we passed to 
combat money laundering and terrorist dollars flowing through our 
country. I mean, really it is beyond — it is a disgrace, I think, an 
absolute disgrace. 

Mr. Stipano. The PATRIOT Act required us to make lots of 
changes in our examination procedures and to write regulations, 
and that took time. We could have come out with a revised hand- 
book earlier, but if the procedures weren’t done and the regulations 
weren’t written, it probably would not have been of great value to 
the examiners. 
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Mrs. Maloney. It would not have been. Well, what more should 
we be doing to make sure that the type of actions at Riggs don’t 
happen again? 

Mr. Stipano. I think there are a number of steps that the OCC 
is prepared to take. 

Mrs. Maloney. Such as? 

Mr. Stipano. Comptroller Hawke has directed our Quality Man- 
agement Division to do a stem-to-stern review of the Riggs matter 
to find out what happened and to see what lessons we can learn 
from it. But even before that review is done, there are several steps 
that we can take right now, and we are taking them. 

Mrs. Maloney. When is your report on lessons learned from 
Riggs going to be due? In another 3 years? 

Mr. Stipano. No, it will not be. It will be a matter of months. 
In fact, the review has already begun. 

Mrs. Maloney. I would respectfully request that when it is done, 
it would be handed in to the chairwoman so she can give it to all 
of us, so we can all read it. 

Chairwoman Kelly. Mr. Stipano, I would concur with that. We 
would like that report delivered as soon as possible. 

Mr. Stipano. As soon as it is completed, we will deliver it. 

Chairwoman Kelly. I thought you said it was completed, sir. 

Mr. Stipano. No, no. I said the review has begun. 

Chairwoman Kelly. The review has been done? 

Mr. Stipano. The review has begun. 

Chairwoman Kelly. Has begun. And I am sorry, if the gentle- 
woman would yield, her question was how long do you expect that 
to take? 

Mr. Stipano. I don’t know exactly how long it will take. My 
guess is it will probably be several months. 

Chairwoman Kelly. Would you please inform us of the progress 
of that report on a regular basis? 

Mr. Stipano. Yes, we will. 

The due date, by the way, is September 1. 

Mrs. Maloney. Reclaiming my time, what other steps can we 
take that are concrete to crack down on the terrorist money busi- 
ness? 

Mr. Stipano. We need to become better at identifying risk. One 
of the big problems with Riggs was that neither our examiners nor 
law enforcement nor anyone else recognized the risks in these em- 
bassy accounts. 

There are a number of steps that we are taking to do that. One 
of them is the nationwide implementation of a risk identification 
system that has been developed by one of our district offices. It in- 
volves gathering information on products and services and various 
types of activities that banks are involved in and putting it in 
spreadsheet form and developing a methodology to quantify risks 
and identify banks that may be outliers. 

We are also working on a new database that would use national 
bank-filed SARS to pinpoint operational risks generally, but also 
risks in the BSA area. 

Third, we are working with FinCEN and the other banking agen- 
cies on ways to better use BSA data. FinCEN is sitting on a gold 
mine of information with the SARS data and the CTR data and 
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other data that they have. The ability of the government to connect 
the dots and provide that information to the banking agencies is 
absolutely essential because once we have that kind of information, 
we can target our resources to the areas of banks that are truly 
high risk. 

As I mentioned earlier, we have also completed our examination 
procedures on three sections of the PATRIOT Act and we are about 
to come out with new procedures on a fourth section. 

Mrs. Maloney. Quite frankly, you don’t need a database or a 
spreadsheet to know that Riggs, the international bank for most of 
the foreign governments in the country and the foreigners in the 
country, is a high-risk bank. I mean, it is common sense, and yet 
it was not looked at. So I hope that you improve. This should be 
a priority. 

And I know you have a lot of smart people working in the OCC, 
and I have great respect for Comptroller Hawke. But it doesn’t 
sound like the BSA issues are at the top of your concerns, and I 
think it should jump ahead of any concerns that you have to 
change your charter and everything else you have been trying to 
do, because this is critically national security and, really, the secu- 
rity of our people is at stake. 

But I would like to go to Mr. Baxter and I would like to ask you 
about the Basle Capital Accords that are coming out that the Fed 
has been working on with the international community. When we 
finally solidify and come forward with these decisions on various 
capital requirements and so forth, do you think having an inter- 
national standard is going to help us spotlight and see the type of 
problems that were at UBS? Do you think that would be helpful, 
or is that really not an issue? What is your feeling on that? 

Mr. Baxter. One of the things we see in the UBS matter is an 
example of operational risk, a failure of people, a failure of controls. 
These failures were observed not here in the United States, but in 
the operation that was being conducted in Zurich. It is a good illus- 
tration of operational risk as a type of risk being addressed in 
Basle II, and here is one vivid demonstration of operational risk. 

It also, I think. Congresswoman, has relevance to what is being 
done at the Basle Committee because this occurred in a multi- 
national banking organization. 

UBS is an organization that conducts its operations in many 
countries. It has 65,000 employees around the world; 22,000 of 
them are in the United States. So you can see an operational risk 
problem and an institution that conducts its operation cross-border. 
So it is a good illustration of why operational risk is an important 
part of the risk quotient that is addressed in Basle II. It is also a 
good illustration of why the effort needs to be multinational and 
because this Basle II is being imposed on institutions that conduct 
their operation cross-border. 

Mrs. Maloney. Well, I was encouraged somewhat that the U.S. 
And Swiss authorities worked in cooperation with the U.S. man- 
agement of UBS to investigate and correct the UBS systemic risk 
management lapses in Zurich. 

But one of your statements earlier was alarming to me when you 
said one of the problems is that the personnel at the bank were not 
informed of the laws of the United States of America, of how we 
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treat these accounts, and that we certainly shouldn’t be transfer- 
ring money and so forth to Libya, et cetera, and these other coun- 
tries. And it seems to me that that would have to be part of the 
protocol, to let people know what the laws are. 

I mean, I find that an incredible — I can’t believe that someone 
is that stupid that they don’t inform everyone that this is the 
standard, because it is a U.S. bank, too, even though it is dealing 
with many different countries and just merged with the Swiss bank 
and so forth. 

What is your comment on that? It is the stupidity defense, “I just 
didn’t know.” I think if you read the paper, you would have known 
that — any intelligent person reading the paper would have known 
that we had these certain guidelines and rules about transferring 
accounts and moneys and so forth to various countries. 

Mr. Baxter. Congresswoman, you are absolutely right that the 
people in the bank note trading area of the UBS in Zurich, they 
knew about the restrictions that were exported in our contract to 
them. They knew that they had to conceal what they were doing. 
They had to conceal what they were doing not only from the Fed- 
eral Reserve, but also from the Swiss Federal Banking Commis- 
sion, from the more senior management at UBS and from UBS’s 
external and internal auditors. 

They did it because they were willing to lie. They did it because 
they were willing to violate the law, and they paid a price for that. 
But there is no question that they knew of the limitations in that 
bank note trading area, and they knew they had to hide. And hide 
they did. 

Mrs. Maloney. Well, I misunderstood you in your earlier com- 
ments. I thought you stated that they did not know, that there 
were people with the Swiss bank, and they just merged with an- 
other bank and they weren’t familiar. 

But you say it is just a matter of just crime, and I am glad that 
we have cracked down on it, but what could we do in the future 
to make sure that doesn’t happen again? How could we improve 
our oversight and our monitoring? 

Mr. Baxter. Well, it won’t happen again with UBS because they 
are no longer in the 

Mrs. Maloney. No longer in business, right. But other banks? 

Mr. Baxter. With the other five contractors, what we have done 
is implement this 17-point program through contract changes that 
were effective in February of this year. 

In addition, we are planning visitations to each of our five con- 
tractors to review policies and procedures dealing with anti-money 
laundering and OFAC compliance in our offshore facilities. 

Now, it will come as no surprise that we have heightened atten- 
tion in those five contractors now, who have watched the $100 mil- 
lion penalty being assessed against UBS and have taken careful 
notice. So while this iron is hot, we going to make those visitations, 
we are going to review with our colleagues at OFAC the policies 
and procedures that are in place, and we are going to make sugges- 
tions to our ECI contractors as to how they can be improved. 

So those are the things that we have got in train. We are also 
expecting in the late summer/early fall to start to receive the public 
accounting firm certifications, and those certifications will be at- 
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testing to the management representations we will receive both 
with respect to contract compliance and with respect to accurate re- 
porting. And the check of those independent public accounting 
firms, in our view, is significant. It is significant in a Sarbanes- 
Oxley context and it is significant because we know those public ac- 
counting firms are very mindful of their own liability; and they will 
be making certifications directly to the Federal Reserve, and we 
will have a say in our contracts as to who those public accounting 
firms are and then the policies and procedures that they will follow 
with respect to their certifications. 

So all of those things are in train, and all of those things, we ex- 
pect, will give us much greater assurance that we will not see a 
repetition of the conduct we found with UBS in any of our other 
contractors. 

Mrs. Maloney. Did the Fed ever consider using only U.S. banks 
operating abroad for these functions? Wouldn’t that have made 
things simpler since U.S. Banks are not allowed to deal with coun- 
tries on the OF AC list? 

Mr. Baxter. You’re right. Congresswoman. It does make things 
simpler, but that, in itself, is no guarantee of perfect compliance. 
Again, we get to that old audit admonition about trust but verify. 
So we feel that even with respect to our U.S. ECI contractors — and 
most of them are U.S. Institutions — that we can’t only trust them, 
we have to trust and verify. 

So the procedures that I mentioned with respect to the new con- 
tracts and the external certified public accounting firm attesta- 
tions, those we are going to implement across the board regardless 
of nationality. They will apply to the U.S. institutions and the non- 
U.S. institutions. 

With respect to the specific question, have we considered using 
only U.S. flag institutions, yes, we have considered that. The dif- 
ficulty is to penetrate certain markets around the world, we feel we 
need to turn to some of our foreign commercial institutions for the 
reasons that led us to the UBS in 1996. And that is why, in Singa- 
pore, we are doing business with the United Overseas Bank. 

So we are certainly mindful that the U.S. flag institution might 
be simpler and has some legal difficulties that are less than we 
find with the foreign flag carriers or institutions, but we haven’t 
made the decision to use only American institutions at this point. 

Mrs. Maloney. Thank you very much. And I yield back the bal- 
ance of my time, although I think I used it all up. 

Chairwoman Kelly. That is quite all right. I thank you both. 

But I have one follow-up question for you, Mr. Stipano. What 
happened to the auditors that failed to find the problems at Riggs? 
Are they still at OCC? 

Mr. Stipano. It is hard to answer that because we are talking 
about 

Chairwoman Kelly. I thought it was a fairly straight question. 
Are they still at OCC? 

Mr. Stipano. There are a lot of examiners who have examined 
Riggs during this time period. Some of them are still at OCC and 
some of them are not. 
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Chairwoman Kelly. What mechanism do you have in place to 
assess the performance of the bank examiners regarding the BSA 
compliance? 

Mr. Stipano. We have a couple of mechanisms. One is the per- 
formance appraisal process that the OCC uses for examiners and 
for other types of employees and another is the Quality Manage- 
ment Division. That is the division that Comptroller Hawke has di- 
rected to do a review of the Riggs matter and to report back on 
what went wrong. 

Chairwoman Kelly. How long was that Quality Control Division 
in place? 

Mr. Stipano. I don’t know offhand. It is not something recent. 

Chairwoman Kelly. Years? Months? 

Mr. Stipano. In some form, I would say years. 

Chairwoman Kelly. I think that this has been a very interesting 
hearing. I am interested that you were talking about the great 
amount of information that FinCEN has and talk about the ability 
to connect the dots. If we streamline what is going on with regard 
to regulatory agencies and perhaps centralize them, then they per- 
haps can have access to each other’s information in a much more 
direct way that will result in better oversight, more rapid response. 
And certainly we don’t want to see this kind of thing happen again 
for such an extended period of time. 

We don’t live in the world that we lived in prior to 9/11/2001. We 
live in a very different world. And part of that world is that we 
now — those of us who are charged with the responsibility of mak- 
ing sure that our country is safe and that our banking system is 
safe, we must think outside of the box, look outside of the box for 
solutions; that we will never let this kind of thing happen that hap- 
pened with the Riggs Bank again. 

I am concerned with not only what happened with OCC, but I 
also am concerned with the Fed in one aspect. The fine of $100 mil- 
lion sounds like a lot of money, but when you have a bank with 
more than $1 trillion in assets, that fine seems a mere slap on the 
wrist. I would hope that when an institution is fined, especially an 
institution that had in place people who were supposed to find this 
kind of malfeasance, I would hope that that institution would pay 
a much steeper price for not regulating and controlling their own 
employees’ behavior. 

Here in the United States we put people like that in jail when 
there is a fraud in a bank. We have bank fraud laws; those people 
go to jail. $100 million, it seems they got by on the cheap, and I 
am quoting a lot of other people who have also mentioned that to 
me. 

I would hope that when you are considering fines of this nature 
again that the Fed would consider a healthier fine for any kind of 
malfeasance that is occurring. 

This is a blow to our financial system in a way — ^both of these 
are blows to our financial system in a way that American people 
have a right to expect should not happen when we have institu- 
tions in place whose charge it is to make sure that it doesn’t hap- 
pen. 

I appreciate the fact that you came here today. I appreciate the 
fact that you spent so much time with us, helping us understand 
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what did happen, what went wrong, and helping us understand 
how it is possible that we might be able to get through this and 
come out on the other end with a much better regulatory environ- 
ment that will help protect America and America’s financial insti- 
tutions in a better way. 

The Chair notes that some members may have additional ques- 
tions for this panel which they may wish to submit in writing. So, 
without objection, the hearing record will remain open for 30 days 
for members to submit written questions to these witnesses and 
place their responses in the record. 

I thank the witnesses for their appearances here today. This 
hearing is adjourned. 

[Whereupon, at 3:57 p.m., the subcommittee was adjourned.] 
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statement of Chairwoman Sue Kelly 
Subcommittee on Oversight and Investigations 
"Risk Management and Regulatory Failures at Riggs Bank and UBS; Lessons Learned" 

June 2 , 2004 


Two weeks ago, this Subcommittee explored proposals to streamline and centralize our current system 
to prevent money laundering and terror financing. 

The recent cases involving Riggs Bank and UBS reveal regulatory and risk management breakdowns 
that also must be examined in order to strengthen our government’s ability to enforce our anti-money 
laundering laws. 

This afternoon, the Subcommittee will investigate the noncompliant and inexcusable behavior of these 
two banks along with the inadequate response of our regulators. 

In the OCC’s oversight of the Riggs Bank case, we find no better illustration of the inherent 
weaknesses of a fragmented regulatory regime. 

We find a regulator that was reportedly aware of noncompliance by Riggs with high-risk foreign 
clientele as far back as 1 999 — perhaps even earlier — and did nothing about it. 

We find a regulator that was slow to act even after the Sept. 1 1 terrorist attacks inside our borders 
made the threat posed by terror funding networks all too clear. 

We find a regulator with credibility so diminished that Riggs shamelessly continued to violate the 
Bank Secrecy Act even after a full-time OCC examiner was placed on the bank’s premises following 
last summer’s consent order. 

I am very interested in hearing directly from the OCC about how this happened. 

I am deeply concerned that we are combating illicit funding networks inside our country with a 
regulatory structure that was not designed to be part of our arsenal in a war on terror. 

Though great strides forward have been taken, particularly with the creation of the Office of Terrorism 
and Financial Intelligence (TFI) and with an elevated focus on improving FinCEN’s capabilities, it is 
evident that this is still a work-in-progress. 

The time has come to replace a slow-footed regulatory system with one that is centralized, multi- 
dimensional, and focused intently on preventing our financial institutions from being exploited by 
criminals and terrorists. 

Therefore, this subcommittee will continue to pursue proposals that centralize our examination and 
compliance assets, and that establish a criminal enforcement authority that will restore the credibility 
of our regulators. 

Such reforms should establish clear lines of oversight, improve our ability to quickly detect and 
respond to suspicious activity, and will make clear to financial institutions that, from now on, brazen 
violators will be going to jail instead of just paying a civil fine. 
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Our hearing today also focuses on UBS’s contract with the Federal Reserve Bank of New York to serve 
as an Extended Custodial Inventory (ECI), which facilitates the international distribution of U.S. 
currency. 

Beginning with its contract in 1996, UBS was in violation of its agreement to repatriate old U.S. 
banknotes and redistribute new banknotes on behalf of the Federal Reserve. 

The bank knowingly traded U.S. currency through the ECI with countries subject to restrictions from 
the Office of Foreign Asset Control (OFAC), including Cuba, Iran, Libya, and Yugoslavia. 

The most serious and disturbing violation has been the discovery that officers and employees at UBS 
intentionally falsified documents to sidestep detection by U.S. authorities. 

While these actions and the company's failure to implement internal controls made it exponentially 
more difficult to detect suspicious activity, it is also important to examine how and why routine 
oversight by the Federal Reserve and the OCC did not raise any concerns. 

In fact, this Subcommittee is deeply concerned that the contract violations would likely still be 
occurring today had our military not been in a position to find U.S, dollars from the Federal Reserve 
Bank of New York on the ground in Iraq. 

As such, I believe we must investigate all ECI contracts to ensure that foreign governments and 
financial institutions are cooperating with our government. 

While Riggs Bank and UBS illustrate two distinct regulatory meltdowns, they both speak clearly to the 
need for improving our efforts to stop terror financing. 

It may create new and unfamiliar responsibilities for financial institutions, but it is a moral and ethical 
responsibility and a license required to do business in this country. 

We thank our witnesses for their testimony and hope they can shed some light on these issues. I look 
forward to continuing this examination in the Subcommittee's hearing next week regarding oversight 
of the Department of Treasury and the agency's anti-money laundering efforts. 


### 
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Opening Statement 

Chairman Michael G. Oxley 

Committee on Financial Services 


“Risk Management and Regulatory Failures at Riggs Bank and UBS: 
Lessons Learned” 

Subcommittee on Oversight and Investigations 
June 2, 2004 


Thank you, Chairwoman Kelly, for convening today’s hearing before the Oversight 
and Investigations Subcommittee concerning two recent cases where bank 
misbehavior at a U.S. bank (Riggs) and a foreign bank (UBS) over an extended 
period of time ultimately led federal regulators to sanction those banks. 

In both cases, high-prestige lines of business missed risk management and 
regulatory scrutiny because they did not generate high revenues. In both cases, 
flagrant violations continued to occur even after regulatory authorities began to 
inquire and demand remedial action. 

Riggs Bank N.A. was recently fined a $25 million civil money penalty for Bank 
Secrecy Act noncompliance. As I understand it, Riggs allowed substantial sums of 
money to pass through diplomatic accounts over a number of years. It failed to 
comply with a number of Bank Secrecy Act reporting requirements, including the 
substantial changes made to these statutes following the September 11 events. 

To compound the problem, once this behavior was revealed by the Office of the 
Comptroller of the Currency last year, it took many months to halt the improper 
money handling practices at Riggs, even with an OCC examiner on the premises! 

The second situation involves the Union Bank of Switzerland (UBS) and its 
performance under a contract with the Federal Reserve Bank of New York (the Fed) 
to act as agent for the Fed in disbursing and receiving U.S. banknotes outside the 
United States through a vault in Zurich. In brief, UBS violated its “Extended 
Custodial Inventory” (ECI) contract by engaging in transactions to buy and sell U.S. 
banknotes with counterparties in countries subject to U.S. restrictions and then 
failing to disclose the transactions. Those countries were: Cuba, Iran. Libya, and 
two parts of the former Yugoslavia. The contract with the Fed specifically 
prohibited such transactions. 
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June 2, 2004 

These transactions came to light by accident, when a cache of U.S. dollars originally 
shipped through the Zurich facility was discovered in post-Saddam Iraq. UBS 
aggravated the situation by taking over six months to identify and remedy pervasive 
weaknesses in their internal risk management structure that permitted the 
violations to continue up until the day the Fed terminated its contract with UBS. 

The Federal Reserve fined UBS $100 million for this action. This is the second 
largest fine ever levied by the Fed, and the largest was against BCCI in the early 
1990s. I question whether the magnitude of the UBS fine is sufficient in light of the 
gravity of the risk management failures and deliberate efforts to conceal prohibited 
activity. The fine seems roughly equivalent to the value of the ECI business. But it 
barely dents the quarterly earnings at UBS. I understand that the Swiss authorities 
also have taken regulatory action, but this information is not publicly available. 

I thank Chairwoman Kelly for her leadership in inviting representatives of the OCC 
and the Fed here today to discuss these two important cases. We need to 
understand how these problems could have existed and, more importantly, could 
have persisted after regulatory inquiries had begun. 

I am eager to hear our witnesses review these situations in some detail, especially 
regarding the apparent failure of the two banks’ internal risk management and 
transaction reporting systems. Further, I want to hear about the regulators’ efforts 
to correct these problems, and consider what recommendations they might have for 
avoiding similar problems in the future. 

Our regulatory systems are designed to identify and stop money laundering as well 
as to disrupt terrorist financing schemes. While the inappropriate actions under 
discussion today were eventually exposed and stopped, they did operate for quite 
some time without American regulatory intervention. I want to know what we can 
to do to prevent such problems now and in the future. 

One strength of democratic government is that problems are discussed openly and, 
when possible, remedied quickly. In both the Riggs and UBS cases, serious remedial 
action has been taken, and we now seek to learn from the mistakes. The Fed is to be 
commended for achieving an unprecedented level of cooperation and information- 
sharing with its Swiss counterpart, the EBK. 

Again, my thanks to Chairwoman Kelly for convening this hearing and to our 
witnesses for their willingness to explore intricate and, often, unresolved matters 
related to these two cases for the public record. I look forward to an informative 
session. 
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Testimony of Thomas C. Baxter, Jr. 

Executive Vice President and General Counsel, Federal Reserve Bank of New York 
Risk Management and Regulatory Failures at Riggs Bank and UBS: Lessons Learned 
Before the Subcommittee on Oversight and Investigations, Committee on Financial 
Services, U.S. House of Representatives 
June 2, 2004 

Introduction 

Chairwoman Kelly, Representative Gutierrrez and members of the 
Subcommittee, I am pleased to be here this morning to discuss certain recent events 
relating to the Federal Reserve’s Extended Custodial Inventory (“ECI”) program. With 
me from the Federal Reserve Board are Katherine Wheatley, Assistant General Counsel, 
and Michael Lambert, Financial Services Cash Manager. Today, I will focus on the 
Federal Reserve Bank of New York’s (“New York Fed”) responses to the deceptive 
conduct of one of the former operators of an ECI facility, namely UBS, a Swiss banking 
organization. UBS operated an ECI site in Zurich, Switzerland, until late October of 
2003 when the New York Fed terminated its contract with UBS for serious breaches. 
More recently, the Federal Reserve assessed a $100 million civil money penalty against 
UBS for its deceptive conduct both in coimection with its performance under the ECI 
contract, and with respect to the investigation into that performance. 

My remarks today will cover four topics. First, I will provide some 
background regarding the ECI program. Second, I will review the chronology 
surrounding our discovery that UBS had violated its ECI Agreement with the Federal 
Reserve Bank of New York by engaging in U.S. dollar (“USD”) banknote transactions 
with countries subject to sanctions by the U.S. Department of the Treasury’s Office of 
Foreign Assets Control (“OF AC”), and, moreover, that certain former officers and 
employees of UBS had intentionally deceived the New York Fed in order to conceal 
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those transactions. Third, I will explain the rationale behind our decision to assess a civil 
money penalty in the amount of $100 million and will distinguish this punitive action 
from the earlier action for breach of contract and the remedial action of the Swiss 
supervisor, the Swiss Federal Banking Commission (referred to as the “EBK”). Fourth, I 
will discuss the steps the New York Fed has taken with respect to its remaining ECI 
operators so as to improve the controls relating to OF AC compliance. 

Background on the ECI Program 

Let me now describe the ECI program. The ECI program serves as a 
means to facilitate the international distribution of U.S. banknotes, permit the repatriation 
of old design banknotes, promote the recirculation of fit new-design currency, and 
strengthen U.S. information gathering capabilities on the international use of U.S. 
currency and sources of U.S. banknote counterfeiting abroad. ECI facilities function as 
overseas cash depots operated by private-sector commercial banks. These banks hold 
currency for the New York Fed on a custodial basis. 

It is estimated that as much as two-thirds of the value of all Federal 
Reserve Notes now in circulation, or more than $400 billion of the $680 billion now in 
circulation, is held abroad. While many financial institutions trade U.S. dollars in the 
foreign exchange markets, no more than thirty institutions worldwide participate in the 
wholesale buying and selling of physical USD banknotes. Wholesale banknote dealers 
purchase approximately 90 percent of the U.S. banknotes that are exported to 
international markets from the New York Fed. 

Working with the U.S. Department of the Treasury, the Federal Reserve 
introduced the ECI program as a pilot in 1996 to aid in the introduction of the $100 new 
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currency design note, and in recognition that an assured supply of U.S. currency abroad 
would help to alleviate any uncertainty that might have been associated with a new 
design. The pilot program succeeded in ensuring the orderly introduction of the new 
design banknotes by providing ready supplies of such notes, particularly in the European 
and former Soviet Union markets. 

After supporting the successful introduction of the new design $100 
banknote in 1996, the primary purpose of the ECI program shifted to enhancing the 
international banknote distribution system. Currently, there are a total of eight ECI 
facilities in five cities that are operated by five banks: American Express Bank (London), 
Bank of America (Hong Kong, Zurich), HSBC Bank USA (London, Frankfurt, Hong 
Kong), Royal Bank of Scotland (London), and United Overseas Bank (Singapore). 

The New York Fed manages the ECI program and provides management 
oversight and monitoring of it. We coordinate the shipment and receipt of currency 
between our offices and the ECIs, All banknotes contained within an ECI vault and 
while being transported between the New York Fed and an ECI vault, remain on the 
books of the New York Fed. When banknotes are withdrawn from the ECI vault to fill a 
banknote order from a third party, or for an ECI operator’s use, the ECI operator’s 
account at the New York Fed is debited accordingly. When banknotes are deposited into 
the ECI vault and augment the New York Fed inventory, the operator’s account at the 
New York Fed will be credited. 

The relationship between ECI operators and the New York Fed is 
governed by an ECI Agreement and a Manual of Procedures for the ECI Program 
(“Manual of Procedures”). From the start of the ECI program, the ECI Agreement has 
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specifically prohibited ECI operators from engaging in transactions with OF AC 
sanctioned countries. In addition, since the beginning of the program, the ECI 
Agreement and the Manual of Procedures have required ECI operators to provide the 
New York Fed with monthly reports showing all countries that engaged in U.S. dollar 
transactions with the operator during the preceding month and the volume of those 
transactions. 

The ECI program faeilitates the international distribution of U.S. currency 
by maintaining sufficient inventory of Federal Reserve notes in strategically located 
international distribution centers. The ECIs also are a key part of the Federal Reserve’s 
and Treasury’s efforts to distribute currency to the major global financial markets during 
times of crises. In the wake of the September 1 1"" attacks, when air transportation was 
seriously disrupted, having U.S. currency already positioned at the ECI facilities enabled 
the Federal Reserve to satisfy heightened international demand for U.S. currency in the 
major financial markets without any interruption of service. 

In addition to its role in international currency distribution, the ECI 
program is critical to ensuring the quality of U.S. currency abroad. ECIs are required to 
sort currency purchased from market participants both by currency design (old and new) 
and into fit and unfit notes. These requirements ensure that old design and unfit notes are 
removed from circulation in a timely fashion. ECIs are also responsible for 
authenticating banknotes purchased in the market. The ECIs detect counterfeit notes as 
they circulate in significant offshore money markets, and quickly report information on 
the geographic sources of these counterfeit notes to the Secret Service. 
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Finally, the information provided by the ECIs to the New York Fed 
regarding country level flows of payments, and receipts of U.S. dollars is important to the 
Federal Reserve, the Treasury, and the United States Secret Service because it provides a 
valuable tool for estimating stocks and flows of U.S. currency abroad, particularly for 
countries about which little information was available previously. Before the ECI 
program, the United States had little or no access to this mission-critical information 
about overseas counterfeiting and currency flows that is now required by the ECI 
Agreements. 

The Chronology 

I will now turn to the chronology of events surrounding the discovery that 
UBS had engaged in ECI transactions with OF AC-sanctioned countries and had 
concealed those transactions from the New York Fed. 

On April 20, 2003, the Sunday New York Times reported that U.S. armed 
forces had discovered, in Baghdad, approximately $650 million in United States 
currency. According to the article, the wrapping on the currency indicated that it 
originated, in part, from the New York Fed. Upon reading this article, I sent an e-mail 
directing staff at the New York Fed to attempt to determine how currency bearing the 
mark of the Federal Reserve Bank of New York might have traveled from our offices to 
Baghdad. Around the same date, staff from the Board of Governors of the Federal 
Reserve System (“Board of Governors”) in Washington were contacted by the Treasury 
Department and asked to assist in tracing the same currency. Also at this time, staff at 
the New York Fed and other Reserve Banks received telephone calls from agents of the 
U.S. Customs Service seeking information regarding the discovered banknotes. 
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Within days, the New York Fed received serial numbers for a small 
sample of the banknotes found in Iraq. By April 24, 2003, our cash staff in East 
Rutherford, N.J., had determined, using serial number records, that the sampled notes 
were part of twenty-four shipments that had been sent from our offices to three of our 
ECI facilities; HSBC in London, Bank of America in Zurich and UBS in Zurich. Over 
the next few weeks, we received additional serial numbers from other samples of the 
discovered currency as well as serial numbers from samples of an additional $112 million 
that was discovered in Iraq shortly after the initial hoard. We successfully traced those 
serial numbers to the same three ECI facilities, as well as to HSBC’s ECI facilities in 
Frankfurt and London; to the Royal Bank of Scotland’s ECI facility in London; to a 
number of commercial banks in the United States and abroad; and to several foreign 
central banks. 

In an effort to follow the currency trail further, in early May of 2003, we 
contacted each of the ECI operators, and one of the commercial banks that had done a 
large volume of relevant currency purchases, and asked them to provide us with 
information regarding the counterparties to whom they sold the identified banknotes. By 
the end of May, we had received responses from HSBC and Bank of America that 
included, for HSBC, specific counterparty information, and for Bank of America, more 
general country information, for the relevant shipments. No transactions with Iraq or any 
other OF AC-sanctioned countries were contained in these responses. Our investigative 
efforts to follow the trail of the currency discovered in Iraq are continuing. 

UBS responded to our inquiry by advising that it did not track serial 
numbers for its banknote sales. In the alternative, UBS agreed to provide information 
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regarding shipments of currency from the ECI that corresponded closely to the dates on 
which the notes found in Iraq had been shipped from the New York Fed’s New Jersey 
office to the UBS ECI. UBS also informed the New York Fed that Swiss law 
considerations precluded the sharing of specific counterparty names. Accordingly, only 
country destinations could be provided. On June 25, 2003, UBS provided a report to one 
of our cash officers, who was in Zurich for a periodic site inspection. The report 
purported to list the relevant shipments by date and included the countries to which the 
banknotes were sold and the amounts in each shipment. While no transactions with Iraq 
were identified, included in this report were entries representing eight shipments of 
banknotes to Iran. Of course, we had not expected such a disclosure as currency 
transactions with Iran were expressly prohibited by the ECI Agreement. 

Upon learning that UBS had sold banknotes to Iran, we asked UBS to 
explain how these Iranian transactions could have occurred in view of the clear 
contractual prohibition in the ECI Agreement against shipping currency to countries that 
are the subject of regulations issued by OF AC. We also inquired as to why these 
transactions had not appeared on the monthly dollar transaction reports that UBS was 
required to provide to the New York Fed pursuant to the ECI Agreement. UBS 
responded that the transactions with Iran were done by mistake. Further, with respect to 
our specific questions directed at the false monthly reports, UBS banknote personnel 
provided a facially plausible, but false, explanation. The explanation was that the reports 
were the result of an innocent mistake and not an intentional deception. 

In early July of 2003, New York Fed management concluded that the 
transactions by our ECI operator, UBS, with Iran constituted a material event that needed 
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to be reported. Consequently, on July 1 1, 2003, 1 sent a memorandum reciting the facts 
known then to the New York Fed’s board of directors, which, under Section 4 of the 
Federal Reserve Act, exercises “supervision and control” of the Bank management. In 
addition, the New York Fed disclosed what we knew to senior staff at OF AC, the Board 
of Governors, and the Department of the Treasury. The UBS situation was discussed 
with the New York Fed’s board of directors at its meeting on July 17, 2003. The 
directors concurred in the management recommendation to more folly understand the 
facts by involving UBS’s home country supervisor, the EBK, and when the facts were 
folly understood, to make a decision with respect to contract termination. 

On July 22, 2003, 1 met with representatives of the EBK in Switzerland to 
discuss how to move forward with an inquiry. I explained to the representatives that, to 
avoid termination of its ECI contract, UBS would have to provide the New York Fed 
with reassurance as to its compliance. I emphasized that the New York Fed could not 
tolerate a repeat violation. I also told the EBK that I was not satisfied with the 
explanation proffered by UBS concerning the monthly reports. It was agreed that the 
New York Fed would draft questions regarding UBS’s compliance with OF AC 
regulations in the operation of the ECI and that Ernst and Young (“E&Y”), UBS’s 
outside auditor, would review the operation and prepare responses to our questions. 

In late July of 2003, E&Y began its review of UBS’s ECI operation. 
During the course of this review, which concluded in October of 2003, E&Y teamed that 
in addition to the transactions with Iran, UBS had also engaged in banknote purchase 
transactions with Cuba, another country on the OF AC list, and that the banknotes had 
been deposited into the ECI. E&Y also learned that, in preparing the monthly dollar 
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transaction reports, personnel in UBS’s banknotes operation had concealed the Cuban 
transactions from the New York Fed. E&Y informed senior UBS personnel of its 
findings and encouraged UBS to disclose the information to the EBK and to the New 
York Fed. 

In mid-October, UBS disclosed to the EBK that, in addition to the 
transactions with Iran, it had engaged in USD banknote transactions with Cuba that 
involved the ECI. The EBK advised UBS to disclose the transactions to the New York 
Fed. Late on Friday, October 24, 2003, representatives of UBS met with me at the New 
York Fed. They told me that UBS had engaged in transactions not only with Iran, but 
also with Cuba, and with Libya, yet another country on the OF AC list. On Tuesday, 
October 28, 2003, the New York Fed terminated its ECI Agreement with UBS for breach 
of Articles 8 and 9 of the Agreement which dealt with, respectively, UBS’s monthly 
reporting obligations and its OFAC compliance obligations. Within a week of the 
termination, UBS disclosed that it had also engaged in transactions with Yugoslavia (the 
Republics of Serbia and Montenegro) during the time that Yugoslavia was subject to 
OFAC sanctions. New York Fed management promptly informed the New York Fed 
board of directors of the decision to terminate for breach, and the reasons for the 
decision. 

After terminating the contract for breach, the New York Fed needed 
UBS’s continuing cooperation in the investigation of the facts regarding the breach and 
the false reports. Senior management of UBS did cooperate with us in these specific 
matters. Further, we received extraordinary assistance from our supervisory colleagues at 
the EBK. 
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Following the termination of the ECI Agreement, UBS appointed an 
investigative steering committee and retained two respected law firms to conduct a full 
investigation into the operation of the Zurich ECI. The internal and external auditors of 
UBS were asked to assist. The EBK agreed to allow UBS to share the results of this 
investigation with the New York Fed on a confidential basis. 

Over the next six months, the investigative team interviewed forty-eight 
UBS employees, many on multiple occasions, and reviewed several thousand documents, 
including e-mails. On December 3, 2003, the first report from the investigation was 
provided to the New York Fed. Between delivery of the first report and April of 2004, 1, 
and other New York Fed officers met with representatives of UBS on three occasions and 
had many telephone conversations in which we reviewed the status of the investigation 
and requested that more work be done on specific issues. During this same time period, 
the UBS investigative team also provided us with numerous supplemental responses, 
documents, and updated chronologies. True to its commitment during the summer of 
2003, the EBK enabled UBS to make full disclosure of the investigative results, and also 
enabled the New York Fed to interview members of the E&Y team that had reviewed 
UBS’s ECI operations. On April 16, 2004, UBS provided the New York Fed with its 
final supplement to the December report. 

The investigation confirmed that UBS engaged in USD banknote 
transactions, through the ECI, directly with four OF AC sanctioned countries: Cuba, 
Libya, Iran, and the former Yugoslavia, but not directly with Iraq. UBS consistently 
engaged in these transactions from the inception of the ECI program, notwithstanding the 
fact that the UBS personnel involved clearly understood that the ECI Agreement 
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prohibited such transactions. Moreover, UBS personnel took affirmative steps to conceal 
these transactions from the New York Fed, including, but not limited to, falsifying the 
monthly U.S. dollar transaction reports that it was contractually obligated to submit. 

UBS personnel continued their efforts to conceal these transactions even after the 
investigation was underway. The banknote personnel of UBS also affirmatively misled 
the EBK. 

In early May of 2004, the New York Fed engaged the EBK in discussions 
regarding the appropriate supervisoiy response to UBS’s conduct. Our goal was for the 
EBK to take remedial action in its capacity as UBS’s home country supervisor, and for 
the Federal Reserve to take punitive action against UBS for its deceptive conduct with 
respect to an important U.S. program-our sanction regime. On May 10, 2004, the EBK 
publicly reprimanded UBS for the failures in internal control that permitted both the 
breach of contract and the deception. The EBK’s decision acknowledged that UBS 
planned to discontinue its banknote trading business, and forbade UBS from restarting 
this business without the EBK’s consent. Simultaneous with the EBK’s announcement of 
its supervisory decision, the Federal Reserve announced the assessment of a $100 million 
civil money penalty against UBS. 

The Civil Money Penalty Assessment 

I now turn to my third topic and focus on the amount of the civil money 
penalty assessed by the Federal Reserve against UBS. At the outset, let me emphasize 
that the civil money penalty is directed at deception and the violation of U.S. laws 
relating to deception. The remedy for breach of contract was contract termination, and 
that occurred more than six months ago. 
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The Federal Reserve’s statutory authority to assess a civil money penalty 
is expressly set out in Section 8(i) of the Federal Deposit Insurance Act (“FDI Act”). 
When the Federal Reserve determines that a financial institution has violated the law, as 
UBS did here, and that such a violation justifies the assessment of a civil money penalty, 
we look first to Section 8(i) to determine the range of the penalty that might be imposed. 
The statute carefully lays out a three-tiered approach to assessment. The tiers focus on 
both the likelihood that the violation will cause financial harm to the institution and on 
the degree of willfulness demonstrated by the institution in committing the violation. The 
greater the likelihood of harm and the more deliberate the act, the higher the maximum 
penalty. 

UBS’s conduct here constituted a tier two violation. Section 8(i)(2)(B) of 
the FDI Act provides that any depository institution that violates any law, which violation 
is part of a pattern of misconduct, shall pay a civil money penalty of not more than 
$25,000 for each day during which such violation continues. This formula, applied to 
UBS’s multiple violations of law, permitted the Federal Reserve to assess a civil money 
penalty of $100 million. 

While UBS is a $1 trillion institution, and has abundant financial 
resources, banknote trading was a very small piece of UBS’s overall business. For the 
years 1999-2003, UBS’s banknote trading business for all currencies with all countries 
had aggregate net profit of approximately $87 million. From 1996 through 2003, UBS 
earned net profit of slightly less than $5 million fi-om its banknote transactions with 
countries subject to OF AC sanctions. Thus, the $100 million civil money represents a 
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penalty that is approximately twenty times the amount of the net profit that UBS derived 
from its wrongful conduct. 

Clearly, however, we recognized the severity of UBS’s actions. UBS had 
deceived us over an eight-year period in several different ways. In assessing the civil 
money penalty, however, we were mindful that the assessment should not be made in a 
vacuum. In 1992, the Board of Governors assessed a $200 million penalty against BCCI; 
and the $100 million civil money penalty assessed against UBS is equal to the next- 
highest penalty the Federal Reserve has ever assessed against an institutional respondent. 
Last year, in conjunction with a criminal disposition by the U.S. Department of Justice, 
the Federal Reserve assessed Credit Lyonnais a $100 million civil money penalty. While 
no two cases are alike. Credit Lyonnais engaged in a similar pattern of deliberate and 
repeated false statements to the Federal Reserve in coimection with its secret acquisition 
of the Executive Life Insurance Company. 

In considering whether the amount of the civil money penalty was 
sufficiently large, it is not enough to look only at the size of UBS’s balance sheet and net 
profit. It is important to keep in mind that UBS is a Swiss institution with its own 
banking supervisor, the EBK, which has no authority to impose money penalties. A 
Swiss governmental reprimand to the largest bank in Switzerland is, to our knowledge, 
unprecedented in Swiss history. The EBK took that action, in no small measure, to 
demonstrate that it would not tolerate deception any more than we would. We gave 
special consideration to the EBK’s views also because, as senior Treasury officials have 
noted in testimony before Congress, the EBK has demonstrated exceptional cooperation 
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in matters relating to the global fight against terrorist financing. As a bank supervisor 
active in that fight, the Federal Reserve appreciates the value of global cooperation. 

In short, the $100 million civil money penalty that we assessed against 
UBS was appropriate. It was in proportion to the revenues UBS derived from its 
unlawful actions. It was in line with the Federal Reserve’s history of civil money 
penalties. And, it was appropriate because we were able to act together with the EBK to 
craft supervisory action that is both punitive and remedial, 

2004 Enhancement of ECI OFAC Compliance Requirements 

Turning to my final point, I will describe the actions taken by the New 
York Fed in the wake of the discovery of UBS’s deceit. These actions are aimed at 
ensuring that our ECI operators will not conduct ECI transactions directly with OF AC- 
sanctioned countries. Thus, through our ECI contracts, we are able to extend the reach of 
the OFAC sanctions to foreign jurisdictions. It is important to keep in mind, however, 
that the U.S. sanctions regime cannot be applied extraterritorially without limitation. 

Immediately following the discovery that UBS had engaged in 
transactions with Iran, in July 2003, we directed inquiries toward each of the five banks 
with which we continue to maintain an ECI relationship. The banks responded by 
detailing for us the procedures each had in place to ensure their contractual compliance 
with the OFAC regulations and various Anti-Money Laundering (“AML”) statutes and 
regulations. These responses gave us sufficient confidence to carry us through for the 
period necessary until we could amend our contracts to strengthen the OFAC and AML 
compliance provisions. 
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In the fall of 2003, the New York Fed began a process of amending all of 
the ECI Agreements and the accompanying Manual of Procedures to strengthen the 
compliance requirements supporting the OF AC sanctions programs. Each revised 
Agreement establishes the ECI operators’ general responsibilities for OF AC compliance, 
while the new Manual of Procedures enumerates in detail minimum specific 
responsibilities. The new contracts and Manual of Procedures were all executed and 
became fully effective in February 2004. 

In revising the ECI Agreements, two major changes were made to the 
OF AC Compliance Section. First, language was added to expressly provide that the ECI 
bank “agrees that ECI Banknote Activity is subject to the jurisdiction of the U.S. 
Department of Treasury’s Office of Foreign Assets Control” Second, the Agreement 
was amended to include an acknowledgement from the operating bank that, with respect 
to banknote transactions, it must comply with the provisions of the U.S. Trading with the 
Enemy Act, the International Emergency Economic Powers Act, the Antiterrorism and 
Effective Death Penalty Act, and “any other similar asset control laws, to the extent that 
they are implemented by OF AC regulations.” 

Perhaps the most significant changes, however, relate to new audit 
requirements for the ECIs. A new section was added to the ECI Agreement requiring an 
annual audit of the operating bank’s AML and OF AC compliance programs by a public 
accounting firm, hired at the ECI operator’s expense. The ECI Agreement also provides 
that a management representative must attest that the ECI operator is complying with the 
contract. Then, in a Sarbanes-Oxley inspired provision, the contract requires that the 
public accounting firm must attest to the management assertion, and specifically, whether 
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the assertion is fairly stated. The contract also provides that the public accounting firm 
will render an opinion on whether the monthly reports that the ECl bank has provided to 
the New York Fed are accurate. The New York Fed is currently in the process of 
working with the public accounting firms concerning implementation of this requirement. 

The Manual of Procedures was also expanded and now requires ECl 

operators to: 

1. Establish a system of internal controls to ensure compliance with all OFAC regulations. 
Internal controls should be specific to all aspects of ECl Banknote Activity irom account 
opening through the initiation and settlement of all transactions; 

2. Perform and document a comprehensive OFAC risk assessment of at! aspects of ECl 
activities, including any transactions that are processed through the ECl for another 
institution; 

3. Designate a compliance officer responsible for monitoring compliance with all OFAC 
laws and regulations, and an officer responsible for overseeing any funds blocked as a 
result of any OFAC law or regulation; 

4. Implement an audit program that will provide for independent testing of all aspects of the 
OFAC compliance program and for an annual comprehensive audit of each line of 
business relating to the ECl activities; 

5. Provide appropriate OFAC compliance training for all employees in each line of business 
relating to ECl activities; 

6. Maintain the most current OFAC List of prohibited countries, entities, and individuals; 

7. Retain all OFAC-related records for a period of not less than five years; and 

8. Require the OFAC compliance officer to develop a program to screen customers and 
transactions for OFAC compliance. The screening program shall, at a minimum: 
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a) Ensure that all new customers are compared to the OFAC list and formally approved 
for activity before any transaction is initiated with the customer; 

b) Specify what information in the account is being compared, e.g., accountholder, 
signatories, powers of attorney, beneficiaries, and/or beneficial owners; 

c) Require that, whenever OFAC updates the OFAC List, a review shall immediately be 
performed of existing customers and of all electronic files used to maintain customer 
information; 

d) Require periodic testing to ensure that existing customers and any electronic 
customer information files are effectively tested for OFAC compliance; 

e) Require that all ECI activities be compared to the OFAC list and monitored for 
prohibited activity; 

f) Implement an escalation program to ensure that any potential matches of customers 
or transactions be reported immediately to the OFAC compliance officer for review 
and disposition; 

g) Implement effective controls to identify transactions that match an OF AC-sanctioned 
individual or entity; 

h) Require that any identified transactions be reported to OFAC in accordance with 
OFAC regulations and to the New York Fed personnel identified in the ECI 
Agreement; and 

i) Require that a history file of any customers or transactions initially identified as 
potential matches but subsequently approved by the OFAC compliance officer, be 
maintained under record retention policies for review by internal audit. 

The changes to the Agreement and the expanded seventeen-point 
procedural program have strengthened ECI program internal controls, established 
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operational responsibility for compliance, and specified internal and external audit 
requirements. Moreover, each ECI operator’s policies and procedures directed at OF AC 
compliance will be reviewed by a team from the New York Fed and OFAC. The first of 
these reviews is currently being planned. 

I should note that, following the announcement of the assessment of the 
$100 million civil money penalty against UBS, we again directed inquiries to our ECI 
operators to learn their reactions to the Federal Reserve’s action. All of the ECI operators 
viewed the penalty as significant and understood that it reflected the importance the New 
York Fed places on both strict compliance with the OFAC requirements of the ECI 
Agreement and the Manual of Procedures, and on the integrity of its ECI operators. 
Conclusion 

The ECI program serves an important U.S. function by ensuring that we 
supply USD banknotes to the global market in an efficient manner, and that the quality 
of, and confidence in, our currency is maintained at a high level. UBS’ egregious 
conduct should not overshadow the ECI program’s benefits. In terminating the UBS ECI 
contract, in assessing a $100 million civil money penalty against UBS for its deceptive 
conduct as a former ECI operator, and in working with the EBK to craft a coordinated 
regulatory response, the Federal Reserve acted decisively and properly to send a message 
about the importance it places on OFAC compliance. The remedial measures that we 
have put into place underscore the Federal Reserve’s commitment to ensuring that all of 
our ECI operators will comply with U.S. sanctions in their ECI transactions. 

Thank you for your attention, and I look forward to answering any 
questions you may have. 
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1. INTRODUCTION 

Chairwoman Kelly, Ranking Member Gutierrez, members of the Subcommittee, I appreciate the 
opportunity to appear before you today to discuss the challenges we at the Office of the 
Comptroller of the Currency (OCC) - and other financial institution regulators - face in 
combating money laundering in the U.S, financial system, and how we are meeting those 
challenges. I will also address the enforcement actions in this area we have recently taken 
against Riggs Bank N.A. 

As the regulator of national banks, the OCC has long been committed to the fight against money 
laundering. For more than 30 years, the OCC has been responsible for ensuring that the banks 
under its supervision have the necessary controls in place and provide requisite notices to law 
enforcement to assure that those banks are not used as vehicles to launder money for drug 
traffickers or other criminal organizations. The tragic events of 9/1 1 have brought into sharper 
focus the related concern of terrorist financing. Together with the other federal banking 
agencies, the banking industry and the law enforcement coirununity, the OCC shares the 
Subcommittee’s goal of preventing and detecting money laundering, terrorist financing, and 
other criminal acts and the misuse of our nation’s financial institutions. 

The cornerstone of the federal government’s anti-money laundering (AML) efforts is the Bank 
Secrecy Act (BSA). Enacted in 1970, the BSA is primarily a recordkeeping and reporting statute 
that is designed to ensure that bapks and other financial institutions provide relevant information 
to law enforcement in a timely fashion. The BSA has been amended several times, most recently 
through passage of the USA PATRIOT Act in the wake of the 9/1 1 tragedy. Both the Secretary 
of the Treasury, through the Financial Crimes Enforcement Network (FinCEN), and the federal 
banking agencies, have issued regulations implementing the BSA, including regulations 
requiring all banks to have a BSA compliance program, and to file reports such as suspicious 
activity reports (SARs) and currency transaction reports (CTRs). 

Due to the sheer volume of financial transactions processed through the U.S. financial system, 
primary responsibility for compliance with the BSA and the AML statutes rests with the nation’s 
financial institutions themselves. The OCC and the other federal banking agencies are charged 
with ensuring that the institutions we supervise have strong AML programs in place to identify 
and report suspicious transactions to law enforcement, and that such reports are, in fact, made. 
Thus, our supervisory processes seek to ensure that banks have systems and controls in place to 
prevent their involvement in money laundering, and that they provide the types of reports to law 
enforcement that the law enforcement agencies, in turn, need in order to investigate suspicious 
transactions that are reported. 

To accomplish our supervisory responsibilities, the OCC conducts regular examinations of 
national banks and federal branches and agencies of foreign banks in the United States. These 
examinations coverall aspects of the institution’s operations, including compliance with the 
BSA. Our resources are concentrated on those institutions, and areas within institutions, of 
highest risk. In cases of noncompliance, the OCC has broad investigative and enforcement 
authority to address the problem. 
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Unlike other financial institutions, which have only recently become subject to compliance 
program and SAR filing requirements, banks have been under such requirements for years. For 
example, banks have been required to have a BSA compliance program since 1987, and have 
been required to file SARs (or their predecessors) since the 1970s. Not surprisingly, most banks 
today have strong AML programs in place, and many of the largest institutions have programs 
that are among the best in the world. There are now approximately 1 .3 million SARs in the 
centralized database that is maintained by FinCEN. While the PATRIOT Act further augmented 
the due diligence and reporting requirements for banks in several key areas, one of its primary 
objectives was to impose requirements on nonbanking institutions that had long been applicable 
to banks. 

The OCC’s efforts in this area do not exist in a vacuum. We have long been active participants 
in a variety of interagency working groups that include representatives of the Treasury 
Department, law enforcement, and the other federal banking agencies. We also work closely 
with the FBI and other criminal investigative agencies, providing them with documents, 
information, and expertise on a case-specific basis. In addition, when we are provided with lead 
information from a law enforcement agency, we use that information to investigate further to 
ensure that BSA compliance systems are adequate. 

We continue to work to improve our supervision in this area and we are constantly revising and 
adjusting our procedures to keep pace with technological developments and the increasing 
sophistication of money launderers and terrorist financers. For example, along with the other 
federal banking agencies, the OCC recently developed examination procedures to implement 
several key sections of the PATRIOT Act, and we expect to be issuing a revised version of our 
BSA Handbook by year end. We have also recently initiated two programs that will provide 
stronger and more complete analytical information to assist our examiners in identifying banks 
that may have high money laundering risk. Specifically, we are developing a database of 
national-bank filed SARs with enhanced search and reporting capabilities, and we also are 
developing and will implement nationwide, a new risk assessment process to better identify high- 
risk banks. Additionally, we are exploring with FinCEN and the other banking agencies better 
ways to use BSA information in our examination process to better identify risks and 
vulnerabilities in the banking system. 

Recent events surrounding Riggs Bank N.A. have heightened interest in how the banking 
agencies, and the OCC in particular, conduct supervision for BSA/ AML compliance. Together 
with FinCEN, the OCC recently assessed a record $25 million civil money penalty (CMP) 
against Riggs Bank N.A. The OCC also imposed a supplemental cease and desist (C&D) order 
on the bank, requiring the institution to strengthen its controls and improve its processes in the 
BSA/AML area. Along with the C&D order we issued against the bank in July 2003, these and 
other actions we have taken have greatly reduced the bank’s current risk profile. 

However, with the benefit of hindsight, it is clear that the supervisory actions that we previously 
took against the bank were not sufficient to achieve satisfactory and timely compliance with the 
BSA, that more probing inquiry should have been made into the bank’s high risk accounts, and 
that stronger, more forceful enforcement action should have been taken sooner. While we do not 
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believe that Riggs is representative of the OCC’s supervision in the BSA/AML area, we are 
nonetheless taking a number of steps to guard against a repeat of this type of situation. In this 
regard, the Comptroller has directed that our Quality Management Division commence a review 
and evaluation of our BSA/AML supervision of Riggs and make recommendations to him on 
several issues concerning our approach to and the adequacy of our BSA/AML supervision 
programs generally, and particularly with respect to Riggs. 

II. BACKGROUND AND LEGAL FRAMEWORK 

In 1970 Congress passed the “Currency and Foreign Transactions Reporting Act” otherwise 
known as the “Bank Secrecy Act” (BSA), which established requirements for recordkeeping and 
reporting by private individuals, banks and other financial institutions. The BSA was designed 
to help identify the source, volume and movement of currency and other monetary instruments 
into or out of the United States or being deposited in financial institutions. The statute sought to 
achieve that objective by requiring individuals, banks and other financial institutions to create a 
paper trail by keeping records and filing reports of certain financial transactions and of unusual 
currency transfers. This information then enables law enforcement and regulatory agencies to 
pursue investigations of criminal, tax and regulatory violations. 

The BSA regulations require all financial institutions to submit various reports to the 
government. The most common of these reports are; (1) FinCEN Form 104 (formerly IRS Form 
4789) - Currency Transaction Report (CTR) for each payment or transfer, by, through or to a 
financial institution, which involves a transaction in currency of more than $10,000; and (2) 
FinCEN Form 105 (formerly Customs Form 4790) - Report of International Transportation of 
Currency or Monetary Instruments (CMIR) for each person who physically transports monetary 
instruments in an aggregate amount exceeding $10,000 into or out of the United States. Bank 
supervisors are not responsible for investigating or prosecuting violations of criminal law that 
may be indicated by the information contained in these reports; they are, however, charged with 
assuring that the requisite reports are filed timely and accurately. 

The Money Laundering Control Act of 1986 precludes circumvention of the BSA requirements 
by imposing criminal liability for a person or institution that knowingly assists in the laundering 
of money, or who structures transactions to avoid reporting. It also directed banks to establish 
and maintain procedures reasonably designed to assure and monitor compliance with the 
reporting and recordkeeping requirements of the BSA. As a result, on January 27, 1987, all 
federal bank regulatory agencies issued essentially similar regulations requiring banks to develop 
procedures for BSA compliance. The OCC’s regulation requiring that every national bank 
maintain an effective BSA compliance program is set forth at 12 C.F.R. § 21 .21 and is described 
in more detail below. 

Together, the BSA and the Money Laundering Control Act charge the bank regulatory agencies 
with: 

• overseeing banks’ compliance with the regulations described, which direct banks to 
establish and maintain a BSA compliance program; 
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• requiring that each examination includes a review of this program and describes any 
problems detected in the agencies’ report of examination; and 

• taking C&D actions if the agency determines that the bank has either failed to establish 
the required procedures or has failed to correct any problem with the procedures which 
was previously cited by the agency. 

The Annunzio-Wylie Anti-Money Laundering Act, which was enacted in 1992, strengthened the 
sanctions for BSA violations and the role of the Treasury Department. It contained the following 
provisions: 

• a so-called “death penalty” sanction, which authorized the revocation of the charter of a 
bank convicted of money laundering or of a criminal violation of the BSA; 

• an authorization for Treasury to require the filing of suspicious-transaction reports by 
financial institutions; 

• the grant of a “safe harbor” against civil liability to persons who report suspicious 
activity; and 

• an authorization for Treasury to issue regulations requiring all financial institutions, as 
defined in BSA regulations, to maintain “minimum standards” of an AML program. 

Two years later, Congress passed the Money Laundering Suppression Act, which primarily 
addressed Treasury’s role in combating money laundering. This statute: 

• directed Treasury to attempt to reduce the number of CTR filings by 30 percent and, to 
assist in this effort, it established a system of mandatory and discretionary exemptions for 
banks; 

• required Treasury to designate a single agency to receive SARs; 

• required Treasury to delegate CMP powers for BSA violations to the federal bank 
regulatory agencies subject to such terms and conditions as Treasury may require; 

• required nonbank financial institutions to register with Treasury; and 

• created a safe harbor from penalties for banks that use mandatory and discretionary 
exemptions in accordance with Treasury directives. 

Finally, in 2001, as a result of the 9/1 1 terror attacks, Congress passed the USA PATRIOT Act. 
The PATRIOT Act is arguably the single most significant AML law that has been enacted since 
the BSA itself Among other things, the PATRIOT Act augmented the existing BSA framework 
by prohibiting banks from engaging in business with foreign shell banks, requiring banks to 
enhance their due diligence procedures concerning foreign correspondent and private banking 
accounts, and strengthening their customer identification procedures. The PATRIOT Act also: 

• provides the Secretary of the Treasury with the authority to impose special measures on 
jurisdictions, institutions, or transactions that are of “primary money-laundering 
concern”; 

• facilitates records access and requires banks to respond to regulatory requests for 
information within 120 hours; 

• requires regulatory agencies to evaluate an institution’s AML record when considering 
bank mergers, acquisitions, and other applications for business combinations; 
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• expands the AML program requirements to all financial institutions; and 

• increases the civil and criminal penalties for money laundering. 

The OCC and the other federal banking agencies have issued two virtually identical regulations 
designed to ensure compliance with the BSA. The OCC’s BSA compliance regulation, 1 2 
C.F.R. § 2 1 .2 1 , requires every national bank to have a written program, approved by the board 
of directors, and reflected in the minutes of the bank. The program must be reasonably designed 
to assure and monitor compliance with the BSA and must, at a minimum: (1) provide for a 
system of internal controls to assure ongoing compliance; (2) provide for independent testing for 
compliance; (3) designate an individual responsible for coordinating and monitoring day-to-day 
compliance; and (4) provide training for appropriate personnel. In addition, the implementing 
regulation for section 326 of the PATRIOT Act requires that every bank adopt a customer 
identification program as part of its BSA compliance program. 

The OCC’s SAR regulation, 12 C.F.R. §21.11, requires every national bank to file a SAR when 
they detect certain known or suspected violations of federal law or suspicious transactions 
related to a money laundering activity or a violation of the BSA. This regulation mandates a 
SAR filing for any potential crimes: (1) involving insider abuse regardless of the dollar amount; 
(2) where there is an identifiable suspect and the transaction involves $5,000 or more; and (3) 
where there is no identifiable suspect and the transaction involves $25,000 or more. 

Additionally, the regulation requires a SAR filing in the case of suspicious activity that is 
indicative of potential money laundering or BSA violations and the transaction involves $5,000 
or more. 

III. OCC’S BSA/AML SUPERVISION 

The OCC and the other federal banking agencies are charged with ensuring that banks maintain 
effective AML programs. The OCC's AML responsibilities are coextensive with our regulatory 
mandate of ensuring the safety and soundness of the national banking system. Our supervisory 
processes seek to ensure that institutions have compliance programs in place that include systems 
and controls to satisfy applicable CTR and SAR filing requirements, as well as other reporting 
and recordkeeping requirements to which banks are subject under the BSA. 

The OCC devotes significant resources to BSA/AML supervision. The OCC has nearly 1700 
examiners in the field, many of whom are involved in both safety and soundness and compliance 
with applicable laws including the BSA. We have over 300 examiners onsite at our largest 
national banks, engaged in continuous supervision of all aspects of their operations. In 2003, the 
equivalent of approximately 40 full time employees were dedicated to BSA/AML supervision. 
The OCC also has three full time BSA/AML compliance specialists in our Washington D.C. 
headquarters office dedicated to developing policy, training, and assisting on complex 
examinations. In addition, the OCC has a full-time fraud expert in Washington D.C., who is 
responsible for tracking the activities of offshore shell banks and other vehicles for defrauding 
banks and the public. These resources are supplemented by dozens of attorneys in our district 
offices and Washington D.C. headquarters office who work on compliance matters. In 2003 
alone, not including our continuous large bank supervision, the OCC conducted approximately 


6 



60 


!,340 BSA examinations of 1,100 institutions and, since 1998, we have completed nearly 5,700 
BSA examinations of 5,300 institutions. 

The OCC monitors compliance with the BSA and money laundering laws through its BSA 
compliance and money laundering prevention examination procedures. The OCC’s examination 
procedures were developed by the OCC, in conjunction with the other federal banking agencies, 
based on our extensive experience in supervising and examining national banks in the area of 
BSA/ AML compliance. The procedures are risk-based, focusing our examination resources on 
high-risk banks and high-risk areas within banks. During an examination, examiners use the 
procedures to review the bank’s policies, systems, and controls. Examiners test the bank’s 
systems by reviewing certain individual transactions when they note control weaknesses, have 
concerns about high-risk products or services in a bank, or receive information from a law 
enforcement or other external source. 

In 1997, the OCC formed the National Anti-Money Laundering Group (NAMLG), an internal 
task force that serves as the focal point for all BSA/AML matters. Through the NAMLG, the 
OCC has undertaken a number of projects designed to improve the agency's supervision of the 
BSA/AML activities of national banks. These projects include the development of a program to 
identify high-risk banks for expanded scope BSA examinations and the examination of those 
banks using agency experts and expanded procedures; examiner training; the development of 
revised examination procedures; and the issuance of policy guidance on various BSA/AML 
topics. 

Over the years, the N/kMLG has had many significant accomplishments including; 

• publishing and updating numerous guidance documents, including the Comptroller’s 
BSA Handbook, extensive examination procedures, numerous OCC advisories, bulletins 
and alerts, and a comprehensive reference guide for bankers and examiners; 

• providing expertise to the Treasury Department and the Department of Justice in drafting 
the annual U.S. National Money Laundering Strategy; 

• providing expertise to the Treasury Department, FinCEN and the other federal banking 
agencies in drafting the regulations to implement the PATRIOT Act; and 

• developing state-of-the-art training programs for OCC and other federal and foreign 
regulatory authorities in training their examiners in BSA/AML supervision. 

To deploy its resources most effectively, the OCC uses criteria developed by NAMLG that 
targets banks for expanded scope AML examinations. Experienced examiners and other OCC 
experts who specialize in BSA compliance, AML, and fraud are assigned to the targeted 
examinations. The examinations focus on areas of identified risk and include comprehensive 
transactional testing procedures. The following factors are considered in selecting banks for 
targeted examinations: 

• locations in high-intensity drug trafficking areas (HIDTA) or high-intensity money 
laundering and related financial crime areas (HIFCA); 

• excessive currency flows; 

• significant international, private banking, fiduciary or other high-risk activities; 
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• unusual suspicious activity reporting patterns; 

• unusual large currency transaction reporting patterns; and 

• fund transfers or account relationships with drag source countries or countries with 
stringent financial secrecy laws. 

The program may focus on a particular area of risk in a given year. For example, our 2005 
targeting program will focus on banks that have significant business activity involving foreign 
money services businesses. In prior years, our targeting focus has been on banks that have 
significant business activity in private banking, offshore banking, and lines of business subject to 
a high risk of terrorist financing. 

Other responsibilities of the NAMLG include sharing information about money laundering 
issues with the OCC’s District offices; analyzing money laundering trends and emerging issues; 
and promoting cooperation and information sharing with national and local AML groups, the law 
enforcement community, bank regulatory agencies, and the banking industry. 

NAMLG has also worked with law enforcement agencies and other regulatory agencies to 
develop an interagency examiner training curriculum that includes instruction on common 
money laundering schemes. In addition, the OCC has conducted AML training for foreign bank 
supervisors and examiners two to three times per year for the past four years. Over 250 foreign 
bank supervisors have participated in this training program. Recently, the World Bank 
contracted with the OCC to tape our international BSA school for worldwide broadcast. The 
OCC has also partnered with the State Department to provide AML training to high-risk 
jurisdictions, including selected Middle Eastern countries. And we consistently provide 
instructors for the Federal Financial Institutions Examination Council schools, which are now 
patterned after the OCC’s school. In total, the OCC’s AML schools have trained approximately 
550 OCC examiners over the past five years. 

OCC’s Enforcement Authority 

Effective bank supervision requires clear communications between the OCC and the bank’s 
senior management and board of directors. In most cases, problems in the BSA/AML area, as 
well as in other areas, are corrected by bringing the problem to the attention of bank management 
and obtaining management’s commitment to take corrective action. An OCC Report of 
Examination documents the OCC’s findings and conclusions with respect to its supervisory 
review of a bank. Once problems or weaknesses are identified and communicated to the bank, 
the bank’s senior management and board of directors are expected to promptly correct them. 

The actions that a bank takes, or agrees to take, to correct deficiencies documented in its Report 
are important factors in determining whether more forceful action is needed. 

OCC enforcement actions fall into two broad categories: informal and formal. In general, 
informal actions are used when the identified problems are of limited scope and magnitude and 
bank management is regarded as committed and capable of correcting them. Informal actions 
include commitment letters, memoranda of understanding and matters requiring board attention 
in examination reports. These generally are not public actions. 
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The OCC also may use a variety of formal enforcement actions to support its supervisory 
objectives. Unlike most informal actions, formal enforcement actions are authorized by statute, 
are generally more severe, and are disclosed to the public. Formal actions against a bank include 
C&D orders, formal written agreements and CMPs. C&D orders and formal agreements are 
generally entered into consensually by the OCC and the bank and require the bank to take certain 
actions to correct identified deficiencies. The OCC may also take formal action against officers, 
directors and other individuals associated with an institution (institution-affiliated parties). 
Possible actions against institution-affiliated parties include removal and prohibition from 
participation in the banking industry, CMPs and C&D orders. 

In the BSA area, the OCC’s CMP authority is concurrent with that of FinCEN. In cases 
involving systemic noncompliance with the BSA, in addition to taking our own actions, the OCC 
refers the matter to FinCEN. In the case of Riggs Bank, the OCC and FinCEN worked together 
on the CMP against the bank. 

In recent years, the OCC has taken numerous formal actions against national banks to bring them 
into compliance with the BSA. These actions are typically C&D orders and formal agreements. 
The OCC has also taken fomal actions against institution-affiliated parties who participated in 
BSA violations. From 1998 to 2003, the OCC has issued a total of 78 formal enforcement 
actions based in whole, or in part, on BSA/ AML violations. During this same time period, the 
OCC has also taken countless informal enforcement actions to correct compliance program 
deficiencies that did not rise to the level of a violation of law. 

Significant BSA/AML Enforcement Actions 

The OCC has been involved in a number of cases involving serious BSA violations and, in some 
cases, actual money laundering. Some of the more significant cases involved the Bank of China 
(New York Federal Branch), Broadway National Bank, Banco do Estado de Parana (New York 
Federal Branch), and Jefferson National Bank. There are also dozens of other examples where 
the OCC identified significant money laundering or BSA non-compliance, took effective action 
to stop the activity, and ensured that accurate and timely referrals were made to law enforcement. 

Bank of China. New York Federal Branch 


In May 2000, OCC examiners conducting a safety and soundness examination discovered 
serious misconduct on the part of the branch and its former officials, including the facilitation of 
a fraudulent letter of credit scheme and other suspicious activity and potential fraud and money 
laundering. The misconduct, which resulted in significant losses to the branch, was subsequently 
referred to law enforcement. In January 2002, the OCC and the Peoples Bank of China entered 
into companion actions against the Bank of China and its U.S.-based federal branches. The 
bank’s New York branch agreed to pay a $10 million penalty assessed by the OCC and the 
parent bank, which is based in Beijing, agreed to pay an equivalent amount in local currency to 
the People’s Bank of China, for a total of $20 million. The OCC also required that the branch 
execute a C&D order which, among other things, required it to establish account opening and 
monitoring procedures, a system for identifying high risk customers, and procedures for regular, 
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ongoing review of account activity of high risk customers to monitor and report suspicious 
activity. The OCC also took actions against six institution-affiliated parties. 

Broadway National Bank, New York, New York 

In March of 1 998, the OCC received a tip from two separate law enforcement agencies that this 
bank may be involved in money laundering. The OCC immediately opened an examination 
which identified a number of accounts at the bank that were either being used to structure 
transactions, or were receiving large amounts of cash with wire transfers to countries known as 
money laundering and drug havens. Shortly thereafter, the OCC issued a C&D order which shut 
down the money laundering and required the bank to adopt more stringent controls. The OCC 
also initiated prohibition and CMP cases against bank insiders. In referring the matter to law 
enforcement, we provided relevant information including the timing of deposits that enabled law 
enforcement to seize approximately $4 million and arrest a dozen individuals involved in this 
scheme. The subsequent OCC investigation resulted in the filing of additional SARs, the seizure 
of approximately $2.6 million in additional funds, more arrests by law enforcement, and a 
referral by the OCC to FinCEN. In November 2002, the bank pled guilty to a three count felony 
information that charged it with failing to maintain an AML program, failing to report 
approximately $123 million in suspicious bulk cash and structured cash deposits, and aiding and 
assisting customers to structure approximately $76 million in transactions to avoid the CTR 
requirements. The bank was required to pay a $4 million criminal fine. 

Banco do Estado do Parana. Federal Branch. New York, N. Y (Baneslado). 

In the summer of 1997, the OCC received information from Brazilian government officials 
concerning unusual deposits leaving Brazil via overnight courier. The OCC immediately 
dispatched examiners to the branch that was receiving the majority of the funds. OCC examiners 
discovered significant and unusually large numbers of monetary instruments being shipped via 
courier into the federal branch from Brazil and other countries in South America, as well as 
suspicious wire transfer activity that suggested the layering of the shipped deposits through 
various accounts with no business justification for the transfers. The OCC entered into a C&D 
order with the federal branch and its head office in Brazil in January 1998 that required controls 
over the courier and wire transfer activities and the filing of SARs with law enforcement. The 
OCC also hosted several meetings with various law enforcement agencies discussing these 
activities and filed a referral with FinCEN. Shortly thereafter, the Brazilian bank liquidated the 
branch. In May of 2000, the OCC assessed a CMP against the branch for $75,000. 

Jefferson National Bank. Watertown, New York 

During the 1993 examination of this bank, the OCC learned from the Federal Reserve Bank of 
New York that the bank was engaging in cash transactions that were not commensurate with its 
size. OCC examiners subsequently discovered that several bank customers were depositing large 
amounts of cash that did not appear to be supported by the purported underlying business, with 
the funds being wired offshore. The OCC filed four criminal referral forms (predecessor to the 
SAR) with law enforcement pertaining to this cash activity and several additional criminal 
referral forms pertaining to insider abuse and fraud at the bank. The OCC also briefed several 
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domestic and Canadian law enforcement agenci^ alerting them to the significant sums of money 
flowing through these accounts at the bank. Based upon this information, law enforcement 
commenced an investigation of these large deposits. The investigation resulted in one of the 
most successful money laundering prosecutions in U.S. government history. The significant 
sums of money flowing through the bank were derived from cigarette and liquor smuggling 
through the Akwesasne Indian Reservation in northern New York. The ring smuggled $687 
million worth of tobacco and alcohol into Canada between 1991 and 1997. The case resulted in 
21 indictments that also sought the recovery of assets totaling $557 million. It also resulted in 
the December 1 999 guilty plea by a subsidiary of R.J. Reynolds tobacco company and the 
payment of a $1 5 million criminal fine. The four criminal referral forms filed by the OCC in the 
early stages of this investigation were directly on point and pertained to the ultimate ringleaders 
in the overall scheme. These money laundering cases were in addition to the C&D order entered 
into with the bank, the prohibition and CMP cases that were brought by the OCC, and the insider 
abuse bank fraud cases that were brought by law enforcement against some of the bank’s officers 
and directors. Seven bank officers and directors were ultimately convicted of crimes. 

OCC Cooperation with Law Enforcement and Other Agencies 

As the above cases illustrate, combating money laundering depends on the cooperation of law 
enforcement, the bank regulatory agencies, and the banks themselves. The OCC participates in a 
number of interagency working groups aimed at money laundering prevention and enforcement, 
and meets on a regular basis with law enforcement agencies to discuss money laundering issues 
and share information that is relevant to money laundering schemes. For example, the OCC is an 
original member of both the National Interagency Bank Fraud Working Group and the Bank 
Secrecy Act Advisory Group. Both of these groups include representatives of the Department of 
Justice, the FBI, the Treasury Department, and other law enforcement agencies, as well as the 
federal banking agencies. Through our interagency contacts, we sometimes receive leads as to 
possible money laundering in banks that we supervise. Using these leads, we can target 
compliance efforts in areas where we are most likely to uncover problems. For example, if the 
OCC receives information that a particular account is being used to launder money, our 
examiners would then review transactions in that account for suspicious funds movements, and 
direct the bank to file a SAR if suspicious transactions are detected. The OCC also provides 
information, documents, and expertise to law enforcement for use in criminal investigations on a 
case-specific basis. 

The OCC has also played an important role in improving the AML and terrorist financing 
controls in banking throughout the world. For the past several years, the OCC has provided 
examiners to assist with numerous U.S. government-sponsored international AML and terrorist 
financing assessments. We have a cadre of specially trained examiners that has provided 
assistance to the Treasury Department and the State Department on these assessments in various 
parts of the world, including South and Central America, the Caribbean, the Pacific-rim nations, 
the Middle East, Russia and the fonner Eastern Bloc nations. In this regard, the cadre has 
participated in terrorist financing investigations, assessed local money laundering laws and 
regulatory infrastructure, and provided training to bank supervisors. 
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The OCC is also providing direct assistance to the Coalition Provisional Authority (CPA) of 
Iraq. Four OCC examiners are currently working in Iraq as technical assistance advisers to the 
CPA’s Ministry of Finance and helping their counterparts at the Central Bank of Iraq develop a 
risk-based supervisory system tailored to the Iraqi banking system. The OCC examiners are 
assisting in the development of a law addressing money laundering and terrorist financing that is 
close to enactment by the CPA, the drafting of new policy and examination manuals to 
implement this law, and they are providing extensive AML training to Iraqi bank regulators. 

IV. POST 9/11 ACTIVITIES AND THE IMPLEMENTATION OF THE USA PATRIOT 
ACT 

In the immediate aftermath of the 9/1 1 terror attacks, the OCC participated in a series of 
interagency meetings with bankers sponsored by the New York Clearinghouse to discuss the 
attacks and their impact on the U.S. economy and banking system, and provided guidance to the 
industry concerning the various requests from law enforcement for account and other 
information. The OCC was also instrumental in working with the other banking agencies to 
establish an electronic e-mail system for law enforcement to request information about suspected 
terrorists and money launderers from every financial institution in the country. This FBI Control 
List system was in place five weeks after 9/1 1 and was the precursor to the current system 
established under section 314(a) of the PATRIOT Act, which is now administered by FinCEN. 

At the same time, the OCC established a secure emergency communications e-mail system for 
all national banks through the OCC’s BankNet technology. 

In October 2001, Congress passed the USA PATRIOT Act. The OCC has been heavily involved 
in the many interagency work groups tasked with writing regulations to implement the 
PATRIOT Act over the past few years. To date, these work groups have issued final rules 
implementing sections 3 1 3 (foreign shell bank prohibition); 3 1 9(b) (foreign correspondent bank 
account records), 314 (information sharing), and 326 (customer identification). The OCC was 
also involved in drafting the interim final rule implementing section 3 1 2 (foreign private banking 
and correspondent banking). 

The OCC took the lead in developing the current 314(a) process for disseminating information 
between law enforcement and the banks. The OCC worked with the interested regulatory and 
law enforcement agencies, and drafted detailed instructions to banks concerning the 314(a) 
process and the extent to which banks are required to conduct record and transactions searches 
on behalf of law enforcement. The OCC also took the lead in drafting a frequently asked 
questions (FAQs) document to provide further guidance as to the types of accounts and 
transactions required to be searched, when manual searches for this information would be 
required, and the timeframes for providing responses back to law enforcement. Under the new 
procedures, 314(a) requests from FinCEN are batched and issued every two weeks, unless 
otherwise indicated, and financial institutions have two weeks to complete their searches and 
respond with any matches. 

Throughout this process, the OCC continually assisted FinCEN in maintaining an accurate 
electronic database of 314(a) contacts for every national bank and federal branch, provided 
effective communications to the industry through agency alerts concerning the 314(a) system. 
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and participated in quarterly interagency meetings with fellow regulators and law enforcement 
agencies to ensure that the process was working effectively and efficiently. 

The OCC also took the lead in drafting the interagency Customer Identification Program (CIP) 
regulation mandated by Section 326 of the PATRIOT Act, which mandates the promulgation of 
regulations that, at a minimum, require financial institutions to implement reasonable procedures 
for: (1) verifying the identity of any person seeking to open an account, to the extent reasonable 
and practicable; (2) maintaining records of the information used to verify the person’s identity, 
including name, address, and other identifying information; and (3) determining whether the 
person appears on any lists of known or suspected terrorists or terrorist organizations provided to 
the financial institution by any government agency. The OCC is also the primary drafter of 
interagency FAQs concerning the implementation of the CIP rules. A second set of interagency 
FAQs will be issued shortly. 

In order to assess PATRIOT Act implementation by the industry, in the summer of 2002, the 
OCC conducted reviews of all of its large banks to assess their compliance with the regulations 
issued under the PATRIOT Act up to that time, and to evaluate the industry response to terrorist 
financing risk. Although, at that time, many of the PATRIOT Act regulations had not yet been 
finalized, we felt it was important to ascertain the level of bank compliance with and 
understanding of the new requirements. The purpose of these reviews was to discern the types of 
systems and controls banks had in place to deter terrorist financing, and follow up with full- 
scope AML exams in institutions that had weaknesses. As a result of these reviews, the OCC 
was able to obtain practical first hand knowledge concerning how banks were interpreting the 
new law, whether banks were having problems implementing the regulations or controlling 
terrorist financing risk, and which banks needed further supervision in this area. 

On October 20, 2003, the OCC issued interagency examination procedures to evaluate national 
bank compliance with the requirements of Section 313 and 319(b), and Section 314 of the 
PATRIOT Act. The procedures were designed to assess how well banks are complying with the 
new regulations and to facilitate a consistent supervisory approach among the banking agencies. 
OCC examiners are now using the procedures during BSA/AML examinations of the institutions 
under our supervision. The procedures allow examiners to tailor the examination scope 
according to the reliability of the bank’s compliance management system and the level of risk 
assumed by the institution. An interagency working group is currently drafting examination 
procedures concerning Section 326 of the PATRIOT Act. The OCC is also the primary drafter 
of these procedures and we expect that they will be issued shortly. 

OCC Outreach and Industry Education 

As previously stated, the primary responsibility for ensuring that banks are in compliance with 
the BSA lies with the bank's management and its directors. To aid them in meeting this 
responsibility, the OCC devotes extensive time and resources to educating the banking industry 
about its obligations under the BSA. This has typically included active participation in 
conferences and training sessions across the country. For example, in 2002 the OCC sponsored a 
nationwide teleconference to inform the banking industry about the PATRIOT Act. This 
teleconference was broadcast to 774 sites with approximately 5,400 listeners. 
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The OCC also provides guidance to national banks through: (1) industry outreach efforts that 
include roundtable discussions with bankers and industry wide conference calls sponsored by the 
OCC; (2) periodic bulletins that inform and remind banks of their responsibilities under the law, 
applicable regulations, and administrative rulings dealing with BSA reporting requirements and 
money laundering; (3) publications, including the distribution of comprehensive guide in this 
area entitled Money Laundering: A Banker's Guide to Avoiding Problems ; (4) publication and 
distribution of the Comptroller’s BSA Handbook which contains the OCC’s BSA examination 
procedures, and the Comptroller’s Handbook for Community Bank Supervision which provides 
guidance on BSA/ AML risk assessment; and (5) periodic alerts and advisories of potential frauds 
or questionable activities, such as alerts on unauthorized banks and FinCEN reporting processes. 
In addition, senior OCC officials are regular participants in industry seminars and forums on the 
BSA, the PATRIOT Act, and related topics. 

Current Supervisory Initiatives 

The OCC uses somewhat different examination approaches depending largely on the size of the 
institution and its risk profile. In large banks (generally total assets of $25 billion) and mid-size 
banks (generally total assets of $5 billion), OCC examiners focus first on the bank’s BSA 
compliance program. These banks are subject to our general BSA/AML examination procedures 
that include, at a minimum, a review of the bank’s internal controls, policies, procedures, 
customer due diligence, SAR/CTR information, training programs, and compliance audits. We 
also evaluate BSA officer competence, the BSA program structure, and the bank’s audit 
program, including the independence and competence of the audit staff. While examining for 
overall BSA compliance, examiners typically focus on suspicious activity monitoring and 
reporting systems and the effectiveness of the bank’s customer due diligence program. 

Additional and more detailed procedures are conducted if control weaknesses or concerns are 
encountered during the general procedures phase of the examination. These supplemental 
procedures include: 

• transaction testing to ascertain the level of risk in the particular business area (e.g., 
private banking, payable upon proper identification programs (PUPID), nonresident alien 
accounts, international brokered deposits, foreign correspondent banking, and pouch 
activity) and to determine whether the bank is complying with its policies and 
procedures, including SAR and CTR filing requirements; 

• evaluation of the risks in a particular business line or in specific accounts and a 
determination as to whether the bank is adequately managing the risks; 

• a selection of bank records to determine that its recordkeeping processes are in 
compliance with the BSA. 

For community banks (generally total assets under $5 billion), examiners determine the 
examination scope based on the risks facing the institution. For low-risk banks, examiners 
evaluate changes to the bank’s operations and review the bank’s BSA/AML compliance 
program. For banks with higher risk characteristics and weak controls, additional procedures are 
performed, including review of a sample of high-risk accounts and additional procedures set 
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forth above. Examiners also perform periodic monitoring procedures between examinations and 
conduct follow-up activities when significant issues are identified. 

Use of CTR and SAR Data in the Examination Process 


All banks are required by regulation to report suspected crimes and suspicious transactions that 
involve potential money laundering or violate the BSA. In April 1996, the OCC, together with 
the other federal banking agencies, and FinCEN, unveiled the SAR system, SAR form, and 
database. This system provides law enforcement and regulatory agencies online access to the 
entire SAR database. Based upon the information in the SARs, law enforcement agencies may 
then, in turn, initiate investigations and, if appropriate, take action against violators. By using a 
universal SAR form, consolidating filings in a single location, and permitting electronic filing, 
the system greatly improves the reporting process and makes it more useful to law enforcement 
and to the regulatory agencies. As of December 2003, banks and regulatory agencies had filed 
over 1 .3 million SARs, with national banks by far the biggest filers. Nearly 50% of these SARs 
were for suspected BSA/money laundering violations. 

The OCC also uses the SAR database as a means of identifying high-risk banks and high-risk 
areas within banks. Year-to-year trend information on the number of SARs and CTRs filed is 
used to identify banks with unusually low or high filing activity. This is one factor used by the 
OCC to identify high-risk banks. Examiners also review SARs and CTRs to identify accounts to 
include in the examination sample. Accounts where there have been repetitive SAR filings or 
accounts with significant cash activity in a high-risk business or inconsistent with the type of 
business might be accounts selected for the sample. 

V. RIGGS BANK ENFORCEMENT ACTIONS 

As previously mentioned, the OCC and FinCEN recently assessed a $25 million CMP against 
Riggs Bank N.A. for violations of the BSA and its implementing regulations, and for failing to 
comply with the requirements of an OCC C&D order that was signed by the bank in July 2003. 
Also, in a separate C&D action dated May 13, 2004 to supplement the C&D we had issued in 
July 2003, the OCC directed the bank to take a number of steps to correct deficiencies in its 
internal controls, particularly in the BSAAML area. Among other requirements in this separate 
action, the OCC directed the bank to: 

• Ensure competent management. Within 30 days, the board of directors must determine 
whether management or staff changes are needed and whether management skills 
require improvement. 

• Develop a plan to evaluate the accuracy and completeness of the bank’s books and 
records, and develop a methodology for determining that information required by the 
BSA is appropriately documented, filed and maintained. 

• Adopt and implement comprehensive written policies for internal controls applicable to 
the bank’s account relationships and related staffing, including the Embassy and 
International Private Banking Group. Among other requirements, the policies must 
mandate background checks of all relationship managers at least every three years and 
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must prohibit any employee from having signature authority, ownership or custodial 
powers for any customer account. 

• Develop and implement a policy that permits dividend payments only when the bank is 
in compliance with applicable law and upon written notice to the OCC. 

• Adopt and implement an internal audit program sufficient to detect irregularities in the 
bank’s operation, determine its level of compliance with applicable laws and regulations 
and provide for testing to support audit findings, among other requirements. 

These actions were based on a finding that the bank had failed to implement an effective AML 
program. As a result, the bank did not detect or investigate suspicious transactions and had not 
filed SARs as required under the law. The bank also did not collect or maintain sufficient 
information about its foreign bank customers. In particular, the OCC found a number of 
problems with the bank’s account relationship with foreign governments, including Saudi Arabia 
and Equatorial Guinea, Riggs failed to properly monitor, and report as suspicious, transactions 
involving tens of million of dollars in cash withdrawals, international drafts that were returned to 
the bank, and numerous sequentially-numbered cashier’s checks. The OCC will continue to 
closely monitor the corrective action that the bank takes in response to the Order and we are 
prepared to take additional actions if necessary. 

These actions are the most recent of a series of escalating supervisory and enforcement reactions 
to ongoing deficiencies in Riggs BSA/AML compliance program. Since this matter involves an 
open bank and open investigations, there are limitations on what can be said without disclosing 
confidential supervisory information and potentially compromising fiiture criminal, civil and 
administrative actions. With that caveat, we have tried to set out below a summary of our 
supervision of this institution in the BSA/AML area, dating back to 1997, 

The OCC first identified deficiencies in Riggs’ procedures several years ago. Beginning in the 
late 1990’s we recognized the need for improved processes at Riggs and for improvements in the 
training in, and awareness of, the BSA’s requirements and in the controls over their BSA 
processes. Prior to 9/11, the OCC visited the bank at least once a year and sometimes more often 
to either examine or review the Bank’s BSA/AML compliance program. 

Over this timeframe OCC examiners consistently found that Riggs' BSA compliance program 
was either “satisfactory” or “generally adequate,” meaning that it met the minimum requirements 
of the BSA, but we nonetheless continued to identify weaknesses and areas of its program that 
needed improvement in light of the business conducted by the bank. We addressed these 
weaknesses using various informal, supervisory actions. Generally, this involved bringing the 
problems to the attention of bank management and the board and securing their commitment to 
take corrective action. 

During this period, it was clear that the bank’s compliance program needed improvement but we 
determined that the program weaknesses did not rise to the level of a violation of our regulation 
or pervasive supervisory concern. The OCC identified problems with the bank’s internal audit 
coverage in this area, its internal monitoring processes, and its staff training on the BSA and 
customer due diligence requirements. Repeatedly, management took actions to address specific 
OCC concerns but, as is now clear, the corrective actions being taken often were not sufficient to 
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achieve the intended results. The bank was continually taking steps to respond to OCC 
criticisms, but failed to take action on its own to improve its overall compliance program, 
especially with regard to high-risk areas. Due to the lack of an effective and proactive 
management team, additional weaknesses and deficiencies were continually identified by the 
OCC over this time period, but bank follow-up on these weaknesses ultimately proved to be 
ineffective and the problems continued longer than they should have. 

As various changes occurred in the regulatory expectations for banks relative to BSA compliance 
and related issues over this period of time, our scrutiny of the bank was adjusted accordingly. 

For example, when the Financial Action Task Force and FinCEN identified “uncooperative” 
countries, we conducted an examination at Riggs that specifically focused on account 
relationships with those countries and determined that the bank did not have extensive 
transaction activity with any of the countries on the list. In addition, Treasury issued its guidance 
on “politically exposed persons” in January 2001, and, as a result, the OCC’s focus on the risks 
associated with the Riggs’ embassy banking business began to increase and our supervisory 
activities were heightened accordingly. However, at that time, the Kingdom of Saudi Arabia was 
not viewed as a country that posed heightened risk of money laundering or terrorist financing, 
and Equatorial Guinea had just begun to reap the financial benefits of the discovery of large oil 
reserves in the mid-1990s. 

After 9/11, the OCC escalated its supervisory efforts to bring Riggs’ compliance program to a 
level commensurate with the risks that were undertaken by the bank and we believed that we 
were beginning to see some progress in this regard. In fact, the bank was beginning the process 
of a major computer system conversion that would address many of the shortcomings in the 
existing information systems that the bank was relying on. Unfortunately, bank management had 
to adjust the timeline repeatedly. This caused significant delays in the implementation date, 
pushing it from the original target of year-end 2002 to September 2003. Thus, the bank was not 
able to fulfill many of the commitments that it made to the OCC to correct our concerns 
pertaining to their BSA compliance program. Also, as previously mentioned, the OCC 
conducted a series of anti-terrorist financing reviews at our large or high-risk banks, including 
Riggs, in 2002. As a result of these reviews and other internal assessments, plus published 
accounts of suspicious money transfers involving Saudi Embassy accounts, our concerns 
regarding Riggs BSA/AML compliance were heightened. Thus, we commenced another 
examination of Riggs in January of 2003. 

The focus of the January 2003 examination was on Riggs’ Embassy banking business, and, in 
particular, the accounts related to the Embassy of Saudi Arabia, Due to its Washington D.C. 
location, its extensive retail branch network, and its expertise in private banking, Riggs found 
embassy banking to be particularly attractive and had developed a market niche. In fact, at one 
time, 95% of all foreign embassies in the U.S., and 50% of the embassies in London conducted 
their banking business with Riggs. The OCC’s examination lasted for approximately five 
months and involved experts in the BSA/AML area. The findings from the January 2003 
examination formed the basis for the July 2003 C&D order entered into with the bank. The OCC 
also identified violations of the BSA that were referred to FinCEN, 
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During the course of the 2003 examination, the OCC cooperated extensively with investigations 
by law enforcement into certain suspicious transactions involving the Saudi Embassy 
relationship. These transactions involved tens of millions of dollars in cash withdrawals from 
accounts related to the Embassy of Saudi Arabia; dozens of sequentially-numbered international 
drafts that totaled millions of dollars that were drawn from accounts related to officials of Saudi 
Arabia, and that were returned to the bank; and dozens of sequentially-numbered cashier’s 
checks that were drawn from accounts related to officials of Saudi Arabia made payable to the 
account holder. There was regular contact with the FBI investigators throughout this 
examination. We provided the FBI with voluminous amounts of documents and information on 
the suspicious transactions, including information concerning transactions at the bank that the 
FBI previously was not aware of. The OCC also hosted a meeting with the FBI to discuss these 
documents and findings. Throughout this process we provided the FBI with important expertise 
on both general banking matters, and on some of the complex financial transactions and products 
that were identified. 

The July 2003 C&D order directed the bank to take a number of steps to correct deficiencies in 
its internal controls in the BSA/AML area and to strongly consider staffing changes. Among 
other requirements in this action, the OCC directed the bank to: 

• Flire an independent, external management consultant to conduct a study of the Bank’s 
compliance with the BSA, including, training, SAR monitoring, and correcting 
deficiencies and conduct a risk assessment for compliance with the BSA throughout the 
bank. 

• Evaluate the responsibilities and competence of management. In particular, the 
consultant’s rqrort to the board of directors must address, among other things, the 
responsibilities and competence of the bank’s BSA officer, and the capabilities and 
competence of the supporting staff in this area. Within 90 days, the board of directors 
must determine whether any changes are needed regarding the bank’s BSA officer and 
staff; 

• Adopt and implement detailed policies and procedures (including account opening and 
monitoring procedures) to provide for BSA compliance and for the appropriate 

' identification and monitoring of high risk transactions; 

• Ensure effective BSA audit procedures and expansion of these procedures. Within 90 
days the board of directors must review and evaluate the level of service and ability of 
the audit function for BSA matters provided by any auditor; and 

• Ensure bank adherence to a comprehensive training program for all appropriate 
operational and supervisory personnel to ensure their awareness and their responsibility 
for compliance with the BSA. 

The OCC began its next examination of the bank’s BSA compliance in October 2003. The 
purpose of this examination was to assess compliance with the C&D order and the PATRIOT 
Act, and to review accounts related to the Embassy of Equatorial Guinea. It was clear from this 
examination that the bank had made progress in complying with the order and in improving its 
AML program. Another notable accomplishment was the successful implementation of the long 
planned system upgrade that significantly improved the information available to bank staff and 
management to monitor account activity and identify suspicious activity. Notwithstanding, there 
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were significant areas of noncompliance noted by our examination. The examiners found that, as 
with the Saudi Embassy accounts, the bank lacked sufficient policies, procedures and controls to 
identify suspicious transactions concerning the bank’s relationship with Equatorial Guinea. 

These transactions involved millions of dollars deposited in a private investment company 
owned by an official of the country of Equatorial Guinea; hundreds of thousands of dollars 
transferred from an account of the country of Equatorial Guinea to the personal account of a 
government official of the country; and over a million dollars transferred from an account of the 
country of Equatorial Guinea to a private investment company owned by the bank’s relationship 
manager. The findings from this examination, as well as previous examination findings, formed 
the basis for the OCC’s recent CMP and C&D actions. 

In retrospect, as we review our BS A/AML compliance supervision of Riggs during this period, 
we should have been more aggressive in our insistence on remedial steps at an earlier time. We 
also should have done more extensive probing and transaction testing of accounts. Our own 
BSA examination procedures called for transactional reviews in the case of high-risk accounts, 
such as those at issue here, yet until recently, that was not done at Riggs in the Saudi Embassy 
and the Equatorial Guinea accounts. Clearly, the types of strong formal enforcement action that 
we ultimately took should have been taken sooner. This is not a case where the deficiencies in 
the bank’s systems and controls were not recognized, nor was there an absence of OCC 
supervisory attention to those deficiencies. But we failed to sufficiently probe the transactions 
occurring in the bank’s high-risk accounts and we gave the bank too much time, based on its 
apparent efforts to fix its own problems, before we demanded specific solutions, by specific 
dates, pursuant to formal enforcement actions. As described below, we have reevaluated our 
BSA/AML supervision processes in light of this experience and we will be implementing 
changes to improve how we conduct supervision in this area. The Comptroller has also directed 
that our Quality Management division undertake an internal review of our supervision of Riggs. 
These steps are outlined more fully below. 

Improvements Undertaken to Improve BSA/AML Supervision 

While we believe our overall supervisory approach to BSA/AML compliance has been rigorous 
and is working well, we are committed to ongoing evaluation of our approaches to BSA/AML 
compliance and to appropriate revisions to our approach in light of technological developments, 
and the increasing sophistication of money launderers and terrorist fmancers, as well as to 
address aspects of the process where shortcomings were evidenced in the Riggs situation. 

Recent and current initiatives include the following: 

• As previously mentioned, together with the other federal banking agencies, we recently 
developed revised examination procedures for several key sections of the PATRIOT Act 
and we expect to be issuing a revised version of our BSA Handbook by the end of the 
year. 

• We plan to develop our own database of national bank-filed SARs with enhanced search 
and reporting capabilities for use in spotting operational risk including in the BSA/AML 
area. This database will be compatible with the OCC’s supervisory databases and will 
enable us to: (1) generate specialized reports merging SAR data with our existing 
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supervisory data, (2) sort SAR information by bank asset size and line of business, and 
(3) provide enhanced word and other search capabilities. 

• We are developing and will implement nationwide, a new risk assessment process to 
better identify high-risk banks. This system uses standardized data on products, services, 
customers, and geographies to generate reports that we will use to identify potential 
outliers, assist in the allocation of examiner resources, and target our examination scopes 
(e.g., particular products or business lines). 

• We are exploring with FinCEN and the other agencies better ways to use BSA 
information in our examination process, so that we can better pinpoint risks and secure 
corrective action. Upon completion of FinCEN’s BSA Direct initiative (currently under 
development), the OCC will have direct access, as opposed to dial-in access, to the SAR 
database. We expect that this direct access system will allow us to make better and more 
effective use of FinCEN’s SAR database. 

• We are also exploring how we can systematically capture BSA/AML criticisms in 
examination reports so that we can track situations where no follow-up formal action has 
been taken. 

• Our Committee on Bank Supervision also has sent an alert to remind and reinforce for 
OCC examination staff the need to recognize accounts and transactions that appear to be 
anomalous or suspicious or that have other characteristics that should cause them to be 
considered high-risk in nature, and to conduct additional transaction testing and 
investigation in such situations. 

In addition, specifically with regard to Riggs, the Comptroller has directed our Quality 
Management Division to immediately commence a review and evaluation of our BSA/AML 
supervision of Riggs. This review will include an assessment of whether we took appropriate 
and timely actions to address any shortcomings found in the bank’s processes and in its 
responses to matters noted by the examiners, and the extent and effectiveness of our coordination 
and interaction with other regulators and with law enforcement. The Comptroller has also asked 
for recommendations for improvements to our BSA/AML supervision and our enforcement 
policy with regard to BSA/AML violations. 

Conclusion 


The OCC is committed to preventing national banks from being used, wittingly or unwittingly, to 
engage in money laundering, terrorist financing or other illicit activities. We stand ready to work 
with Congress, the other financial institution regulatory agencies, the law enforcement agencies, 
and the banking industry to continue to develop and implement a coordinated and comprehensive 
response to the threat posed to the nation’s financial system by money laundering and terrorist 
financing. 
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Audit 

Report 


OIG 

The Department of the Treasury 
Office of Inspector General 


November 29, 2001 

John D. Hawke, Jr. 

Comptroller 

Office of the Comptroller of the Currency 

The Office of the Comptroller of the Currency (OCC) is responsible 
for ensuring that the financial institutions under its supervision 
comply with the Bank Secrecy Act (BSA), In recent years, trust 
and private banking services have become an increasingly 
important component of the BSA and have provided the banking 
industry an increased stream of revenue. 

This is the third in a series of Office of Inspector General (OIG) 
audits covering BSA examinations conducted by OCC. Our earlier 
audits focused on bank wide BSA controls at domestic and foreign 
banks. The overall objective of this audit was to evaluate OCC's 
examination coverage and supervision of trust and private banking 
services under the BSA. To conduct our audit, we visited OCC 
headquarters and field offices, reviewed examination files and 
interviewed responsible officials and examiners. Our audit covered 
a sample of BSA examinations completed between March 1 996 to 
June 2000. A detailed description of the objectives, scope and 
methodology is presented in Appendix 1 , 

Results in Brief 


We believe that OCC has taken many important steps to improve 
BSA examinations. For example, OCC recently revised the 
agency's BSA examination handbooks and created a Deputy 
Comptroller position to supervise among other things BSA work 
performed by compliance examiners, OCC also issued guidance 
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which requires each supervisory office to be responsible for 
planning, staffing and coordinating BSA and anti-money laundering 
examinations of bank asset management services. We believe 
these and other changes will provide OCC with a more focused 
approach to performing BSA examinations. However, as discussed 
below, we found that greater OCC attention is warranted in the 
trust and private banking areas, 

First, trust and private banking services were not always included 
as a part of a bank's overall BSA examination. Specifically, 1 7.6 
percent of the trust examinations reviewed (6 of 34) did not show 
evidence of BSA examination coverage. Similarly, BSA 
examinations at 60 percent of the banks offering private banking 
services (1 2 of 20) did not cover the private banking services. The 
examinations identified that OCC management were not always 
closely monitoring the results of BSA examinations, (see page 10). 

Second, 32 percent (9 of 28) of the examinations performing BSA 
reviews did not fully comply with OCC BSA examination guidelines. 
We identified examinations where the wrong examination 
handbook had been followed, and instances where examiners did 
not perform the applicable examination procedures. This is similar 
to findings identified in our prior BSA audit report issued in January 
2000. However, our prior report covered bank wide BSA reviews 
and did not specifically examine trust and private banking services, 
(see page 1 7). 

Third, some of the BSA examinations lacked sufficient testing of 
high-risk transactions commonly associated with money laundering 
or lacked review and evaluation of critical BSA reports that banks 
are required to file. Specifically, examiners did not always test 
wire transfers, transactions with foreign correspondent banks, 
currency transaction reports or suspicious activity reports. For 
example, in both trust and compliance examinations where 
transaction testing was performed, examiners reviewed these areas 
generally less than 40 percent of the time, (see page 20), 

Fourth, we believe the BSA examination procedures contained in 
OCC's newly revised handbooks could be improved through a few 
enhancements, clarifications and reassessment. For example. 
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during our audit examiners were using the older BSA handbook that 
contained 1 2 mandatory procedures, the revised BSA handbook 
contains over 45 mandatory procedures. Similarly, the 
Community Bank handbook grew from 1 8 to over 30 mandatory 
procedures. In our opinion, the number of new mandatory 
procedures may be too rigid in light of the varying degrees of 
compliance risk at different banks and OCC's own strategic plan, 
which calls for using risk-focused examination procedures, (see 
page 23). 

Accordingly, we make several recommendations in the report. We 
believe OCC could improve its supervision and BSA examinations 
of trust and private banking services by (1) requiring coverage in all 
BSA examinations, (2) improving the monitoring process used in 
management oversight, (3) completing all mandatory examination 
procedures, (4) ensuring that examiners use the correct 
examination handbook, (5) ensuring that examiners complete 
testing of high risk areas, (6) reassessing whether the new BSA 
examination procedures should be mandatory or optional, and (7) 
reassessing whether the same examination sampling methodology 
contained in the large bank handbook should be used in the 
Community Bank handbook. Our recommendations take into 
account OCC’s risk focused examination approach. 

OCC concurred with our reported findings and recommendations 
and has committed to undertake various management actions in 
response to the report. For the full text of OCC's response to our 
draft report see Appendix 4. Under separate correspondence, OCC 
has committed to take corrective action within 90 days after 
issuance of the final report. 


Background 


Trust and private banking services are growing increasingly 
important to the banking industry as a source of revenue. 
However, there is growing worldwide concern that these services 
may be conduits for criminal money laundering. The BSA was 
enacted as one means to stem such activity. OCC is actively 
conducting bank wide BSA examinations that focus on the 
effectiveness of bank internal controls to detect and prevent 
money-laundering activity. 
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Trust Services 


Trust services involve a fiduciary relationship in which the trustee, 
such as a bank, holds and/or manages property for their clients and 
any beneficiaries. Trust accounts are generally set up to achieve 
long term goals in accordance with a trust agreement and offer 
privacy and confidentiality to their bank customers. 

As of September 30, 2000, there were 907 OCC regulated 
National Banks with trust charters whose aggregate trust assets 
exceeded $3 trillion. 

Although typical trust activity may not result in the large, quick 
movement of funds as with private banking activity, trust activity 
can involve all of the high-risk circumstances conducive to money 
laundering. In October 2000, 11 of the world's largest banks 
agreed to a set of global anti-money laundering guidelines for 
international private banks including those offering trusts. 

In February 2001, the Financial Action Task Force (FATF) on 
Money Laundering, an international policy coordination group, 
issued a report on money laundering methods’. Trusts were 
identified as vehicles that were easy to establish but difficult to 
monitor. Most governments have no registration requirement or 
central registry. In fact, trusts may be formed with the intention of 
taking advantage of strict privacy or secrecy rules in order to 
conceal the identify of the true owner or beneficiary of the trust 
assets. For these reasons, trust accounts are viewed as potential 
vehicles that criminals can use to launder money. The FATF also 
noted that trusts have also been used as a layering technique to 
disguise illicit proceeds of criminal activity and create the 
impression of legitimacy. 

Private Banking 

In contrast to the tangible nature of bank trust services, private 
banking generally refers to arrangements or relationships between a 
bank and select clients rather than to specific products or services. 
Private banking services are tailored for high net worth individuals 


’ Financial Action Task Force on Money Laundering, Report on Money Laundering Typologies 2000 
2001. February 1, 2001 FATF-Xil. 
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and include personalized services such as money management, 
financial advice and investment services. Private banking activities 
are generally conducted through relationship managers who provide 
the client the expertise to utilize the various services the bank 
offers. 

In essence, there is no industry wide reporting of private banking 
assets or private banking accounts. Unlike trust charters, OCC 
does not issue a separate charter to those institutions offering 
private banking and the banking industry has no standard definition 
for private banking services. Thus, we were unable to identify the 
total number of OCC regulated banks that offer private banking or 
to estimate the value of the assets covered by private banking 
arrangements. However, a 1 999 Washington Post article 
estimated that private banking units manage $15,5 trillion 
worldwide. 

Confidentiality is an attractive and important feature of private 
banking arrangements. Private banking is thought to be particularly 
sensitive to money laundering because large sums of money are 
managed through these confidential private banking arrangements. 
For example, a study found that private banking customers have, 
on average, a minimum investment account of $300,000, and a 
net worth of $2.3 million^. 

Law enforcement and bank regulators have expressed concern 
about offshore private banking activities and their potential to be a 
banking "soft spot" for money laundering^. Some private banking 
customers are known to reside in countries identified as high-risk 
areas for drug trafficking and money laundering. Concerns about 
private banking activities have also been raised in Congress. For 
example, in November 1999, the Senate Permanent Subcommittee 
on Investigations heard testimony that criminals were using certain 
private banking services in attempts to launder money. Recently, 
Congress investigated high profile money laundering cases 
involving private banking customers using offshore accounts or 


^ Information on Private Banking and Its Vulnerability to Money Laundering, GAO/GGD-98-1 9R. Oct. 30, 
1997. 

^ Money Laundering: Regulatory Oversight of Offshore Private Banking Activities, GAO/GGD-QS-I 54, 
June 29, 1998. 
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transactions to facilitate the movement of illicit funds through the 
banking system. 

Money Laundering and the Bank Secrecy Act 


Money laundering is the means by which criminals transform their 
illicit proceeds into legitimate appearing assets. This in turn allows 
them to continue to operate and expand their criminal enterprises. 
Money laundering worldwide is estimated to exceed $500 billion a 
year, and more than 1 70 crimes are identified in the federal money 
laundering statutes. 

Congress enacted The Currency and Foreign Transactions 
Reporting Act*, also known as the BSA, to prevent banks and other 
financial institutions from acting as intermediaries for the transfer 
or deposit of money derived from criminal activity. Congress 
delegated to the Secretary of the Treasury the authority for 
administering the BSA regulations. The implementing regulation, 

31 CFR Part 103, requires financial institutions to file certain 
currency and suspicious activity reports and to maintain certain 
records for possible use in criminal, tax and regulatory proceedings. 
These BSA record keeping and reporting requirements provide a 
paper trail to help law enforcement agencies investigate money 
laundering activities. 

The OCC and other bank regulatory agencies are responsible for 
monitoring financial institutions' BSA compliance through their 
examination and supervision activities, A primary regulation for 
OCC is 1 2 CFR § 21.21, which was issued to ensure that all 
national banks establish and maintain procedures reasonably 
designed to ensure and monitor compliance with the BSA and 31 
CFR Part 1 03. Banks are expected to have a written BSA 
compliance program with at a minimum, a system of internal 
controls to ensure compliance, testing for compliance, coordination 
and monitoring of day-to-day compliance and personnel training. 

OCC BSA Examinations 


Generally compliance examiners, who are specifically trained in the 
BSA, reviewed and evaluated bank wide controls including those 


‘Title 31 use Sections 5311-5330 and 12 USC Sections 1818(s), 1829(b), and 1951-1959. 
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covering private banking, while trust examiners reviewed specific 
trust accounts for compliance and unusual activity. Depending on 
asset size, and other factors such as a risk assessment of each 
bank, BSA examinations are generally completed every 1 2 to 36 
months. 

OCC examiners conduct BSA examinations of trust and private 
banking units based on procedures in 3 handbooks: Community 
Bank Consumer Compliance (updated November 2000), Bank 
Secrecy Act (updated September 2000), and the Community Bank 
Fiduciary Activities Supervision handbook (dated September 1998). 

During our review separate exams were not required at banks 
offering trust and private banking services, although it's likely that 
trust exams were performed at a different time than the 
commercial BSA exam and by different examiners. 

During our review period, BSA examinations for banks with total 
commercial assets over $1 billion primarily focused on a bank's 
internal controls over its bank-wide operations. Also included are 
optional tests of bank transactions such as testing whether BSA 
reporting forms were fully and accurately completed. Community 
bank examination procedures can be used for banks with 
commercial assets up to $1 billion. These examinations rely 
heavily on transactional testing to assess BSA compliance. 


Findings and Recommendations 

Finding 1 Trust and Private Banking Services Were Not 

Always Covered In A BSA Examination 

We could find no evidence that trust and private banking services 
were being covered as a part of a bank's BSA examination for 
some of the 34 sampled banks. OCC BSA examination guidelines 
require examiners to cover “specialty areas’’ such as trust and 
private banking services in all BSA large bank examinations. 
However, no such requirement exists in the community bank 
handbook because of the banks smaller size and they may not have 
specialty areas. 
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No Evidence of Trust BSA Examination Coverage At Some Banks 

To determine whether there had been BSA examination coverage 
of either trust or private banking services, we reviewed the latest 
trust and compliance examinations completed at our sample of 34 
banks. We looked for instances where BSA examination 
documentation indicated trust and/or private banking services were 
covered during the bank's BSA examination process. Where 
examination work was not clearly documented, we asked 
responsible examiners about the extent of such work completed in 
either area. 

We found no evidence of BSA examination coverage of trust 
services at six (17.6%) of the 34 sampled banks. Based on 
various factors reflecting BSA compliance risk, we considered 4 of 
the 6 to be of moderate risk and 2 low risk. (See appendix 2 for 
our risk assessment ratings). The trust assets managed by these 6 
banks ranged from about $660 million to over $30 billion. 

Table 1 below shows a breakout across three asset size categories 
of the sampled banks. 


Table 1 

Evidence of Trust Examination Coverage 

Samoled Banks Asset Size 

Trust Banks In 

Sample 

No Evidence of 

Trust Coveraae 

Over $1 Billion 

In Trust Assets 

24 

S {20.8 %) 

$250 Million to $1 Billion 

In Trust Assets 

9 

1 (11,1%) 

Under $250 Million In 

Trust Assets 

1 

0 {0.0%) 

Totals 

M 

§(17,6%) 


Source: OiG Analysis of OCC examination records 


Table 1 identifies the number of banks based on trust assets 
because this review focused on BSA coverage of trust services. 
Prior OIG BSA audits identified banks based on commercial assets. 
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The applicable OCC guidance for BSA trust examinations during our 
review period was the BSA handbook (dated September 1 996) and 
the Community Bank Consumer Compliance handbook (dated 
August 1 995). In OCC BSA examinations, the use of one 
handbook or the other is generally dependent on the amount of 
commercial assets rather than trust assets managed by a bank. 

The number of banks in our sample based on commercial assets 
included 1 2 banks over $1 billion, 1 1 between $250 million to $1 
billion and 1 1 banks under $250 million. 

For banks with over $1 billion in commercial assets, OCC policy 
stipulates that examiners are to use procedures from the BSA 
handbook. These procedures are commonly called the large bank 
procedures. For banks with total assets of less than $250 million 
with no regional or multinational affiliation examiners are required 
to use the Community Bank handbook. For banks with commercial 
assets between $250 million to $1 billion the examiners can use 
either handbook depending on the bank's structure and examiner 
judgment. 

According to the BSA large bank handbook, the examination scope 
requires examiners performing BSA examinations to ensure 
coverage for all banking units of the bank being examined. This 
includes specialty areas such as trust, private banking, 
correspondent banking, currency operations, credit card, 
international and discount brokerage. The Community Bank 
handbook does not specifically require examination coverage of 
trust services even though there is the potential money laundering 
risk associated with trust services. 

Aside from the BSA handbooks, we identified other factors 
suggesting that BSA examination coverage was warranted. 

• One bank with a moderate risk of money laundering had not 
received BSA trust coverage in either of its 2 most recent trust 
examinations. This covered a span of almost five years. 

• The six banks with no evidence of trust coverage contained 
over $67 billion in trust assets. 


OCC BSA Examination Coverage of Trust and Private Banking Services (OiG-02-016) Page 12 



86 


The absence of BSA examination coverage was similarly noted in 
two internal OCC quality assurance reviews in year 2000. The 
Central District's community bank quality assurance program 
review found 8 (53 percent) of the reviewed examinations failed to 
contain any evidence that the bank BSA review included the trust 
department. The Southwestern District's quality assurance review 
found 4 (40 percent) of the Asset Management (trust) 
examinations did not evaluate compliance with the BSA. The 
quality assurance report opined that this was a systemic 
deficiency. 

Private Banking Examination Coverage Also lacking 


We also found the absence of BSA coverage for many of the 
banks' private banking activities. As shown in Table 2, we found 
this for 1 2 (60%) of the 20 banks offering private banking 
services. 


Table 2 

Evidence of Private Banking Examination Coverage 

Sampled Banks 

Sampled Banks 

With Private Banking 

No Evidence 

Of Private 
Banking Coverage 

Over $1 Billion 

In Commercial Assets* 

14 

7 (50%) 

Under $1 Billion In 
Commercial Assets* 

6 

5 (83.3%) 

Totals 

22 

12 (60%) 


• Commercial asset size includes regional or multinational affiliation 
Source: OtG Analysis of OCC examination records 


As with our review of trust services, we found this condition by 
reviewing the examination workpapers and interviewing responsible 
examiners. Appendix 3 summarizes the BSA coverage for private 
banking services for the sampled banks. 

Weaknesses In Examination Process 


Based on our review of examination workpapers, discussions with 
examiners, and a review of OCC's supervisory monitoring system, 
we believe that several factors contributed to the observed gaps in 
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BSA examination coverage of trust and private banking services. 
These included handbook guidance, which do not specifically 
require coverage of trust and private banking services, and OCC's 
supervisory monitoring system's limited informational capacity to 
monitor BSA examination coverage. 

OCC handbook guidance does not specifically require detailed BSA 
examination procedures be applied to either specialty area. For 
example, the large bank handbook only requires that examiners 
review bank wide policies that address all business units. It does 
not require examiners to specifically cover trust or private banking 
and does not require mandatory transactional testing in these 
areas. The Community Bank handbook examination requirements 
do not require examiners to cover specialty areas because the 
banks are smaller and less likely to offer trust and private banking 
services. 

Given the widely acknowledged risk of money laundering with 
regard to trust and private banking services, we believe OCC could 
enhance its supervision of bank BSA compliance for both services 
by covering these areas in the banks’ risk analysis. Examination 
coverage in these areas should be mandatory unless the examiner's 
risk assessment documents why coverage is not warranted. As 
we were told by some OCC officials, BSA compliance risks are 
affected by various factors such as the effectiveness of internal 
and/or external audits, the nature and extent of trust and private 
banking services provided, and the presence of bank BSA policies 
and procedures. Expanded clarification on how these various 
factors are to be assessed and documented could provide not only 
examiner flexibility but also BSA coverage. 

We also inquired about OCC's examination monitoring system to 
determine how supervisors and/or managers monitor BSA 
examinations to ensure sufficient coverage, and whether they were 
aware of the lack of BSA coverage we found. We found that 
another contributing factor to the gap in BSA examination coverage 
may be the informational limitations of OCC's examination 
monitoring system. 

For supervision and monitoring purposes, the results of BSA 
examinations are recorded into OCC's Supervisory Monitoring 
System (SMS), This is an automated system used to record and 
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communicate narrative and statistical information on institutions of 
supervisory interest. During our review, SMS was the primary 
monitoring system that OCC management used to track 
examinations. However, in March 2001, OCC initiated a new 
monitoring system called Examiner View, 

The new monitoring system is an integrated system used by most 
examiners to plan and record the results of supervisory activities, 
including workpaper documentation. OCC personnel told us 
Examiner View can query information at all but the largest banks 
that OCC supervises. Unlike Examiner View, the older SMS is 
unable to query and track specialty areas of BSA examinations. If 
managers wanted to follow up on work completed in trust or 
private banking they would need to read the narrative for the entire 
compliance examination and then possibly call the examiner who 
completed the work to identify what was specifically completed. 

SMS also does not have the capability to automatically search 
examination records and generate reports to management alerting 
them that required BSA coverage was lacking. We believe these 
SMS system limitations did not allow managers to readily oversee 
or monitor BSA examinations to ensure required trust and private 
banking services were covered and examination procedures were 
fully implemented. However, the new Examiner View monitoring 
system should be more effective given its ability to query and track 
all specialty areas of most BSA examinations. 

OCC officials do not believe that mandatory examination coverage 
for trust and private banking services is needed in all BSA 
examinations. However, they agreed these services should be 
reviewed and included in the bank risk analysis. The officials also 
believe that the frequency of examination coverage for trust and 
private banking should depend on the level of risk relative to BSA 
compliance and money laundering. 

Recommendations 


1 . The Comptroller of the Currency should establish mandatory 
BSA examination coverage for trust and private banking 
services in all BSA examinations in the absence of a 
documented risk assessment to the contrary. 
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OCC Management Comment 

OCC concurred that in some cases, their examination teams 
could have expanded the scope of BSA examinations to include 
trust and private banking services. To address future 
examination coverage of trust and private banking services, 

OCC emphasized they would hold ongoing discussions with the 
examination staff on the need to perform and document risk 
assessments for each institution. OCC also plans to place a 
notice on their internal website to communicate to examiners 
the results and concerns of this audit. 

2. The Comptroller of the Currency needs to improve the 

examination monitoring process used by management to ensure 
adequate oversight of BSA examinations covering trust and 
private banking services. 

OCC Management Comment 

OCC concurred and stated they would communicate to 
managers the need to periodically monitor and identify, through 
Examiner View, examinations where examination procedures 
were performed on high-risk areas such as private banking and 
trust. OCC also stated that internal targeted quality assurance 
reviews of private banking and trust services would be 
conducted in 2002. 

OIG Comment 


We believe the management actions planned by OCC, if 
properly implemented, address the intent and conditions of 
recommendations 1 & 2. Furthermore, OCC plans to take the 
corrective actions within 90 days after issuance of this report. 


Finding 2 Trust BSA Examinations Did Not Always Comply With 
OCC Examination Policy 

When BSA examinations covered trust services, examiners did not 
always follow OCC's applicable BSA handbook guidelines. 
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Examiners did not always use the appropriate set of examination 
procedures or the complete set of procedures. 

Trust Examinations Were Not Always Complete 

OCC's BSA examinations covered trust services at 28 of the 34 
sampled banks. We found that the examination files generally 
identified and documented the work completed in an 
understandable manner and we were able to evaluate the actual 
work performed. But we found that in 9 (32.1%) instances the 
examination was incomplete because either none or only some of 
the mandatory procedures had been completed. During our review, 
OCC's BSA handbooks required 12 mandatory procedures for the 
large banks and 1 8 mandatory procedures for the community 
banks. 

Table 3 shows the nature and extent of incomplete trust 
examinations. 


Table 3 

Nature of Incomplete Trust Examinations 


Banks 

Receiving BSA 
Trust Exams 

None of the 
Mandatory 
Procedures 

Were 

Completed 

Mandatory 
Procedures 
Were Only 
Partially 
Completed 

Examinations 

Properly 

Following 

OCC Guidelines 

Totals 

28 

2 (7.1%) 

7 (25%) 

19 (67.8%) 


Source; OiG Analysis of OCC examination reccrds. 


Similar findings were identified in an OCC Community Bank quality 
assurance follow-up review for the Western District in March 
2000. The quality assurance review found that 6 of 1 6 (37.5%) 
examinations did not utilize the 1 2 mandatory steps for large bank 
examinations. The quality assurance review states in part that 
"confusion exists among examiners as to what is required to be 
performed for BSA". 

Contrary to OCC policy, examination workpapers usually did not 
adequately document why applicable large or community bank 
examination procedures were not completed. We asked OCC 
examiners to explain the omission of any required handbook 
procedures. Examiners cited various reasons such as: (1) the 
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examiner did not believe the step was mandatory in all 
examinations, (2) the examiner-in-charge waived the step, (3) the 
procedures were completed in earlier examinations with no 
identified problems, and (4) the BSA large bank procedures do not 
apply to banks having limited trust powers. When we inquired, one 
OCC policy official told us that these were not valid explanations 
for not documenting why a required BSA examination procedure 
was not performed. 

Examination Guidance Needs Clarification 


In reviewing the BSA examinations, we found that examiners did 
not always use the correct BSA handbook in completing the 
examinations. The Community Bank handbook with 1 8 mandatory 
procedures can be used for banks with assets up to $1 billion and 
must be used for banks with total assets under $250 million with 
no regional or multinational affiliation. For banks over $1 billion, 
examiners are to use the large bank handbook with 1 2 mandatory 
procedures. 

The Community Bank handbook does not specifically define what is 
to be included in determining asset size. The large bank handbook 
does not mention asset size. Neither handbook specifies whether 
the term bank assets is to be applied based on the bank's 
commercial assets, the trust department's managed or held assets, 
or some combination of these, or whether off-balance sheet assets 
are included, Another handbook offering guidance on handbook 
selection is the Overview handbook. However, even this handbook 
does not give the examiner a definition of which type of asset to 
use. We found that examiners had interpreted the asset size 
guidance differently. 

For example, in one case the trust and compliance examiners used 
different handbooks. The compliance examiners followed the 
community bank procedures because the commercial assets were 
under $250 million and the trust examiners used the large bank 
procedures because the trust assets were over $1 billion. In 
another examination, we found that the trust examiners used 
community bank procedures though the bank was affiliated with 
other banks having commercial assets over $1 billion. 
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Incomplete BSA Examinations Previously Reported By OIG 

In a prior January 2000 OIG audit report®’ we noted that OCC had 
not performed a complete BSA examination for 38 of the 82 
examinations we reviewed. Those examinations generally occurred 
in 1996 and 1997 and were based on bank wide BSA 
examinations, not specifically trust and private banking. 

Our current audit of trust and private banking services suggest that 
OCC has not fully implemented corrective action regarding 
incomplete BSA examinations and this has become a lingering 
weakness. In responding to our prior audit, OCC agreed to (1 ) 
emphasize, through ongoing discussions with the examining staff, 
the need to perform all of the required examination procedures and 
(2) monitor examiner compliance through their quality assurance 
program beginning in 2000. 

Recent OCC quality assurance reviews have identified improving 
conditions relating to BSA examinations. However, corrective 
actions are still needed to ensure that BSA examiners follow and 
complete all applicable mandatory examination handbook 
procedures. 

Recommendations 


3. The Comptroller of the Currency needs to ensure that all 
required BSA examination procedures are completed when 
covering trust and private banking services. If examiners 
determine that a required procedure is not needed, the work 
papers should be annotated documenting the exceptions 
consistent with OCC's working paper policies. 

OCC Management Comment 

OCC concurred and stated they would communicate to 
examiners the need to perform ail required examination 
procedures, as well as the results and concerns raised in this 
report. 


’ Office of the Comptroller of the Currency Bank Secrecy Act Examinations Did Not Always Meet 
Requirements OIG 00-027, January 3, 2000. 
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Finding 3 


OIG Comment 

Our audit found that OCC had previously communicated to 
examiners the need to perform all required examination 
procedures and that this communication was not always 
followed, However in their response to this report, OCC also 
agreed to increase oversight and monitoring by managers 
through Examiner View. We believe that along with the 
implementation of Examiner View, OCC's planned corrective 
actions address the recommendation and underlying conditions. 

4. To better ensure that examiners use the correct examination 
handbook, the Comptroller of the Currency should clarify 
examination guidance as to what is to be specifically included in 
determining total assets. In addition, consideration should be 
given to covering this clarifying language in any associated BSA 
examination training. 

OCC Management Comments 

OCC concurred and stated they would communicate to 
examiners the definition of total assets and provide guidance on 
using the appropriate examination procedures for community 
and large banks. OCC also stated they planned to expand the 
training modules for BSA to provide guidance on using the 
appropriate examination procedures for community and large 
banks. 

OIG Comment 


We believe OCC's planned corrective actions adequately 
address the recommendation. 

Certain High-Risk BSA Areas Are Seldom Tested 

Examiners did not always test certain high-risk transactions 
commonly associated with money laundering or evaluate available 
BSA reports that banks are required to file. These high-risk areas 
were foreign correspondent banking and wire transfers; the reports 
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were the currency transaction reports and suspicious activity 
reports. 

Testing these high-risk areas could provide a more reliable 
assessment of a bank's BSA controls and could disclose situations 
that indicate potential money laundering. Testing normally involves 
reviewing a sample of trust or private banking customer 
transactions. OCC's prior BSA handbooks did not require 
transactional testing for trust or private banking services regardless 
of bank size or risk. In our sample, we believe that over 80 
percent of the banks reviewed were moderate to low risk. 

Fourteen of the banks in our sample maintained correspondent 
accounts with foreign banks to facilitate the transfer of customer 
funds between countries. Foreign correspondent accounts may 
face increased risk for money laundering due to the activities and 
services they provide, particularly if they are located in a secrecy 
haven. 

Money launderers may use wire transfers to quickly move funds 
through multiple accounts and banks making it difficult to trace 
their origin. Criminals can also use wires to move money out of 
the country through a bank account in a country where laws are 
designed to facilitate secrecy. 

Large currency transactions are also subject to special bank 
reporting as a means for law enforcement to detect potential 
money laundering. Examiners can also review the Currency 
Transaction Reports (CTR) as a means of detecting potential money 
laundering and test bank compliance with the reporting 
requirement. 

Similarly, banks are required to file Suspicious Activity Reports 
(SAR) for any suspicious transaction relating to a possible violation 
of law, including money laundering. As with CTRs, SARs also 
provide law enforcement an audit trail for investigative purposes. 

Table 4 below shows the frequency these high-risk areas were 
tested and/or available reports were evaluated for our sampled 
banks. 
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Table 4 

Testinti of High Risk Transactions 

Transactions Applicable to 
Business Unit 

Banks Offering 
Service 

Instances 
Where 
Transaction 
s Tested 

Rate Of 
Coverage 
as a 

Percent 

Trust Services (28 banks) 

Foreian Correspondent Banking 

12 


8.3 % 

Wire Transfers 

26 

13 

50 % 

Large Cash Transactions 

21 

7 

33 % 

Suspicious Activity Reports 

28 

3 

10,7 % 


Private Bankina Services (8 banks) ^ 

Foreign Correspondent Banking 

7 

0 

' 0%1 

Wire Transfers 

8 

4 

50 % 

Large Cash Transactions 

8 

3 

37.5 % 

Suspicious Activity Reports 

8 

2 

25 % 


Source; OIG Analysis of OCC examination records 


Table 4 excludes the 6 banks where there was no BSA examination 
coverage of trust services, as well as the 1 2 banks where the BSA 
examination did not cover private banking. 

We believe that transactional testing in high-risk areas is a reliable 
means of assessing BSA program compliance. Transactional 
testing in these areas also provides examiners some assurance that 
bank wide internal controls are working as intended. 

OCC officials at the exit conference agreed that testing of high-risk 
areas is important in BSA examinations. However, they believe 
that mandatory transactional testing for the noted high-risk areas is 
not necessary in all situations. OCC officials also noted that the 
new BSA handbooks contain examination procedures that include a 
review of CTRs, SARs, and foreign correspondence accounts in 
high-risk banks in order to draw a sample for testing compliance. 
The sample size of the high-risk areas is to be based on the overall 
risk profile of the bank. 

Recommendation 


5. The Comptroller of the Currency should ensure that examiners 
complete transactional testing of high-risk BSA areas in trust 
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Finding 4 


and private banking unless the documented bank risk 
assessment deems it unnecessary, 

OCC Management Comments 

OCC concurred and stated they would convey to examination 
staff the need to perform transactional testing procedures, using 
the recently issued BSA/AML examination procedures, on areas 
identified in the risk assessment as high-risk, 

OIG Comment 


We believe OCC's planned corrective actions will address the 
recommendation and underlying conditions if properly 
implemented. 


Opportunities To Improve BSA Handbook Guidance 

In late 2000, OCC revised its BSA examination handbook 
procedures for both large and community banks. We reviewed the 
new handbooks to see whether the new procedures would address 
the examination weaknesses we noted in this audit. We identified 
2 areas where there appears to be an opportunity to further 
enhance the BSA examination handbooks. 

First, the new BSA handbook now has over 45 mandatory 
procedures while the new Community Bank handbook has over 30 
mandatory BSA procedures. We believe these mandatory 
procedures may not always be warranted because the risk of BSA 
compliance and a given bank's exposure to money laundering 
varies across banks. For example, the type of bank internal 
controls likely vary from very elaborate sophisticated systems to 
minimal published policies that might be reviewed based on 
available staffing. Examination efficiencies may accrue by 
affording examiners greater discretion in applying the mandatory 
procedures to the specific risk of a given bank. 

Second, the Community Bank handbook recommends a sample size 
of only 5 accounts or transactions for testing purposes. We 
believe this number may be too small to provide a reliable basis for 
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an examiner's conclusions. We believe that OCC examiners could 
improve transactional testing effectiveness by basing the sample 
size selection on the bank's risk profile similar to that used in 
OCC's large bank handbook. The primary advantage is that the 
large bank handbook links the sample size to risk and not an 
arbitrary number. Furthermore, the large bank handbook sampling 
provides sufficient flexibility to use a small sample size should 
conditions and risk warrant a smaller sample. 

OCC officials at the exit conference stated they believed this 
finding was somewhat inconsistent in that findings 1 through 3 
identify lack of examination effort while this finding suggests OCC 
may be expending too much effort. We believe this inconsistency 
is one of context. Our prior observations took into account the risk 
of each sampled bank. The purpose of our report 
recommendations is to ensure coverage for trust and private 
banking services unless the documented risk assessment deems it 
unnecessary. Furthermore OCC's strategic plan calls for using risk 
focused examination resources based on need and risk while the 
new BSA handbooks mandate the same minimum coverage for 
every bank regardless of need and risk. 

OCC officials also stated they realize the new number of 
mandatory BSA procedures is higher than those in the older 
handbooks but reasonable because the procedures cover many 
basic preliminary steps. The officials noted a review could be 
conducted to consider scaling back the procedures should it 
become apparent that the increased numbers of mandatory 
procedures were burdensome or impractical. 

Further, OCC officials believed the recommended sample size of 5 
for transactional testing in the Community Bank handbook is 
reasonable because community banks are usually small, have fewer 
transactions than large banks and offer fewer services to their 
customers. 

Recommendations 


6. The Comptroller of the Currency should reassess whether 
making the new examination procedures optional rather than 
mandatory would provide examiners greater flexibility in aligning 
examination procedures with the bank's BSA compliance risk. 
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This would not be contrary to OCC's Strategic Plan calling for 
risk focused examination procedures. Furthermore, if the 
procedures are made optional, OCC must ensure that the basis 
for not completing an examination procedure is adequately 
annotated In the working papers in line with OCC's working 
paper documentation policies. 

OCC Management Comments 


OCC concurred and stated during 2002, they will reevaluate the 
effectiveness of the new procedures and revise the procedures 
as warranted. During this review, they will also consider a 
number of factors, including feedback from the examination 
staff, examination results, review findings, and examination 
efficiency measures. 

7. The Comptroller of the Currency should reassess whether the 
large bank sampling methodology for BSA transactional testing 
should be used for community banks to replace the current 
arbitrary sample size of 5 currently used. The large bank 
sampling approach should provide sufficient sampling flexibility 
for smaller samples given the focus on risk. 

OCC Management Comments 

OCC concurred and stated they will closely evaluate appropriate 
changes to the community bank examination approach, 
including sampling methods, in the context of risk-based 
supervision. 

OIG Comment 


We believe that OCC's planned corrective actions address the 
intent of recommendations 6 & 7. It should also be noted that 
OCC's planned internal targeted quality assurance reviews of 
both private banking and trust for 2002 should provide added 
insights from which to further assess the OIG's 
recommendations. 


♦ 


* * ♦ it! 
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We would like to extend our appreciation to OCC for the cooperation 
and courtesies extended to our staff during the audit. If you have any 
questions, please contact me at (415) 977-8810 ext. 222 or John A. 
Richards, Audit Manager, at (415) 977-8810 ext. 225. Major 
contributors to the report are listed in Appendix 5. 


/S/ 

Benny W. Lee 

Regional Inspector General for Audit 
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Appendix 1 

Objectives, Scope, and Methodology 


The objective of the audit was to evaluate OCC's BSA examination coverage over 
trust and private banking services. Specifically, we sought to determine if BSA 
examination procedures were adequate to ensure that national banks had sufficient 
controls and procedures to comply with the BSA, and prevent and detect money 
laundering through trust and private banking activities. We also sought to determine if 
examiners were complying with OCC examination guidelines and if additional 
examination procedures or supervision were needed. 

We visited OCC Headquarters in Washington, D.C,, and 7 OCC district or field offices 
located in Charlotte, North Carolina, Dallas, Texas, Glendale and San Francisco, 
California, Miami, Florida, New York City, New York, and Pittsburgh, Pennsylvania. At 
OCC headquarters, we obtained BSA guidance provided to field examiners, including 
specific examination procedures to be used in conducting all BSA examinations. At 
each field location visited, we reviewed and discussed bank examination strategies 
and BSA policies and procedures with managers and examiners. 

Additionally, we reviewed a judgmentally selected sample of 34 recent BSA 
examinations completed on national banks holding trust charters. Our sample included 
5 banks that were supervised by OCC's large bank supervision group, 7 other banks 
with commercial assets over $1 billion and 22 banks with commercial assets under $1 
billion. Twenty of the 34 banks in our sample offered private banking services. The 
examinations we reviewed were completed between March 1 996 and June 2000. 

OCC Headquarters personnel in the compliance and policy groups helped us to identify 
banks that would be generally representative of banks with trust powers. 

Accordingly, most banks selected offered a wide range of trust services, such as 
estate planning and administration, retirement accounts, and investment services. 
Further, many of the 34 banks were located in High Intensity Drug Trafficking Areas 
(HIDTA) as designated by the Office of National Drug Control Policy. 

The 34 banks with trust charters had assets ranging from about $124.7 million to 
$694.6 billion. These banks held a total of over $2 trillion in trust assets. OCC does 
not issue a separate charter to those banks offering private banking and therefore was 
unable to provide us the number of banks offering private banking services or the 
estimated asset size of private banking accounts. 
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Appendix 1 

Objectives, Scope, and Methodology 


Our sample also contained two of the twenty banks surveyed for correspondent 
banking by the Minority Members of the Permanent Subcommittee on Investigations®. 

With many of the sampled banks located in HIDTA areas we expected each trust 
examination to have full compliance with OCC BSA guidelines and complete minimal 
trust BSA work at each bank regardless of risk. Further, as the bank risk increased for 
potential money laundering activities we looked to see if the number of BSA 
examination procedures and work performed increased proportionately. 

To help us assess the adequacy of BSA examinations, we developed a risk profile of 
each bank in our sample. We used the profiles to evaluate institutional risk including 
the risk of the bank violating BSA regulations, or the bank's clients using their trust or 
private banking accounts to launder money. Factors we considered in developing the 
risk profile included: 

• the products and services offered to trust and private banking customers; 

• the typical trust or private banking client having an account with the institution; 

• the number of clients who were non-resident aliens, especially those residing in 
bank secrecy havens, or countries known to be heavily involved in drug trafficking; 

• whether trust or private banking accounts included high risk business entities, such 
as check cashing or currency exchange facilities; 

• whether the bank had off-shore accounts, foreign branches, and foreign 
correspondent banking relationships (especially with banks located in bank secrecy 
havens, or countries known to be heavily involved in drug trafficking); 

• identifying the level of cash transactions processed by the bank; and 

• Identifying the bank's procedures for controlling and monitoring transactions 
initiated by trust administrators and private bankers. 

We obtained information for the risk profiles from OCC's Supervisory Monitoring 
System printouts, BSA examination workpaper files, interviews with OCC examiners- 
in-charge and portfolio managers and background information from the bank's web 
site. Further, we primarily ranked the institutions as high, moderate or low risk 
according to the type of services and products offered, type of clientele served and 
locations of business operations worldwide. We identified and evaluated OCC's 


^ Correspondent Banking: A Gateway For Money Laundering. S.Prt. 107-1 February 5, 2001 , Minority 
Staff Report. 
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Appendix 1 

Objectives, Scope, and Methodology 


examination procedures based on our bank profile and activities that pose the highest 
risk for money laundering. 

Finally, we also reviewed OCC's Policies and Procedures Manual 5400-8, dated 
February 4, 1997 to identify minimum examiner documentation standards. Our review 
evaluated all OCC examination work contained in workpaper files that directly focused 
on trust and private banking services. Our opinions are based on documentation found 
in the examination workpaper files and through discussions held with knowledgeable 
OCC examiners for each institution reviewed. 

We conducted our fieldwork between July 2000 and June 2001 in accordance with 
generally accepted government auditing standards. 
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Appendix 2 

Summary Of Trust Examination Coverage 


Sample 

Bank 

No. 

DIG 

Assigned 
BSA Risk Rating 

Did 

Examiners 

Apply 

Correct 

Handbook 

Procedures? 

Extent 

Mandatory 

BSA 

Procedures 

Completed 

Evidence of 

Trust Coverage? 






01 

HIGH 


ALL 

YES 

02 

LOW 

NO 

NONE 

NO 

03 

LOW 

NO 

NONE 

NO 

04 

HIGH 

YES 

ALL 

YES 

05 



SOME 

YES 

06 



ALL 

NO 

07 



ALL 

YES 

08 


YES 

ALL 

YES 

09 


YES 

SOME 

YES 

10 


NO 

NONE 

NO 

11 


YES 

SOME 

YES 

12 


YES 

ALL 

YES 

13 

LOW 

NO 

NONE 

YES 

14 

LOW 

YES 

ALL 

YES 

15 

HIGH 

YES 

ALL 

YES 

16 


YES 

ALL 

YES 

17 


YES 

ALL 

YES 

18 


YES 

ALL 

YES 

19 

Qg^||||||||||||H||||||| 

YES 

ALL 

YES 

20 


YES 

ALL 

YES 

21 


YES 

ALL 

YES 

22 


YES 

ALL 

YES 

23 


YES 

SOME 

NO 

24 


NO 

NONE 

YES 

25 


YES 

ALL 

YES 

26 

■.Vileleldrl'^ddi^HI 

YES 

SOME 

YES 



YES 

ALL 

NO 

28 


YES 

SOME 

YES 

29 


YES 

ALL 

YES 


■ 'nT'I'ITIMBBI 

YES 

ALL 

YES 

31 

MODERATE 

YES 

SOME 

YES 

32 

MODERATE 

YES 

ALL 

YES 

33 

HIGH 

YES 

ALL 

YES 

34 

HIGH 

YES 

SOME 

YES 









21 All 




29 YES 

8 some 

28 YES 



5 NO 

5 None 

6 NO 


OCC BSA Examination Coverage of Trust and Private Banking Services (OIG-02-016) Page 30 





104 


Appendix 3 

Summary Of Private Banking Examination Coverage 


Sample 

Bank 

No. 

OCC 

District 

Bank Offers 
Private 

Banking Services 

Size of Bank 
Based On 
Commercial 
Assets* 

Evidence of Private 
Banking Coverage 






01 

ME 

YES 

LARGE 

YES 

02 

NE 

N/A 



03 

ME 

YES 

COMM./LARGE 

NO 

04 

NE 

YES 

COMM./LARGE 

YES 

05 

NE 

N/A 



06 

NE 

N/A 



07 

NE 

N/A 



08 

W 

N/A 



09 

W 

YES 

LARGE 

NO 

10 

w 

YES 

LARGE 

NO 

11 

w 

YES 

LARGE 

YES 

12 

w 

YES 

LARGE 

NO 

13 

w 

N/A 



14 

w 

N/A 



15 

w 

YES 

COMM./LARGE 

NO 

16 

SE 

YES 

LARGE 

YES 

17 

SE 

YES 

LARGE 

YES 

18 

SE 

YES 

LARGE 

NO 

19 

SE 

N/A 



20 

SE 

YES 

COMMUNITY 

NO 

21 

SE 

N/A 



22 

SE 

N/A 



23 

SE 

YES 

LARGE 

NO 

24 

SE 

YES 

COMMUNITY 

NO 

25 

SW 

YES 

LARGE 

YES 

26 

SW 

N/A 



27 

SW 

YES 

LARGE 

NO 

28 

SW 

YES 

LARGE 

NO 

29 

SW 




30 

SW 

HHEZSHHHI 



31 

SW 




32 

SW 

YES 

COMM./LARGE 

NO 

33 

SW 

YES 

LARGE 

YES 

34 

w 

YES 

LARGE 

YES 









1 4 LARGE 





2 COMMUNITY 

8 YES 


t 20 YES 1 

4 COMM./LARGE 

12 NO 


*Large; over $1 bitiion, Comm, /Large: from $250 million to $1 billion. Community: under $250 million. 
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Appendix 4 

Management Comments 


MEMORANDUM 


Comptroller of thre Currency 
Administrator of National Banks 


Wa^ington, DG 20219 

To: acnnr W. Lfe. Regional Inspector General for 
Ptom: John D. Hawke. Jr.. Comptn>l!er of the Cairene 
Date: November 9. 2001 

Subject: Aadli ReiWit — BSA litamtn^ion Covemge o r't'ni^ and Privaie Ranking Services 

Wo have revicwcil your chuh: audit report titled Bunk Setnxy Act: iX'C Exumfmtiion C’ovuru^e 
oj- Tnixi (tad /Vjt-ti/e fiunkinK Scrvixxs. Wc welcome the opporttmiiy to respoml to your Rndtngs 
and: rccomtuendai ions . 

Ihe OlO rci.H?n rcprcscttis a review of J4 Bank Secrecy Act cxanilnapons of mutonal 

hank-s holding irtisi clwrwrs That vvero cbnduewd .iw the OCC .fccp^ I9<>ci and 2000. We are 
pleased' with the OlG's Imding that 14SA cr«am«»tiyfT tiles generally identified anU.documcniccl 
tfw work completed io an ujdfcrsiyiHlabte ntflimer. 

Ypor . report contains recommerKlations Ut addnss*. the audit, exceptions and to revise our 
eXiuninolion approach for RS A examinaiionh. As deified- heiow, we will take sieps to uddreSS’ 

your timJings and recomraendationti. 

Ekdibiination Coverage and Scope 

Your.fci>ort ■stat« that not all dfihe sampled DSA examinations included; 

* Coverage oftruii and private banking services: 

* Testing iitceriaih high-risk situations, and 

* PcrformhiKc of all mandatory procedures. 

We concur ihai, in some cases, the examimrtion team cvmki have expanded the scupe of their 
BSA cxamuiations lo cover all rcejuired procedures, trust aciiviiics. private banking services, or 
other high-risk situatious. Also, it should be noted llwt lire apiwopriale scope ofrcvicvvsitould be 
ri;>k*based. ihc foundation of the OCC’s risk -based j^liilosophy Is that all banks must have risk 
managcineni jwstenu in place to ideotify. measure. a>nirol and moniror risks. These systems 
jihtjuld be cotnmensurnte with the and comple.xity oft and risks assumed by. the institution. 
As noted in your repon. examiners should Include coverage of high-rUk situations unless the risk 
assessment deems it uitncccssorv . We rely on ihccxamincr's judgment to. deienninc if the scope 
olThe review should be expanded beyond the minimum procedures to ensure tiuality supervision. 


Audit 
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Appendix 4 

Management Comments 


In response U> the OIG’s findings regarding examinatton coverage and scope, the OCC will take 
tihe tbllowiflg a:tioos: 

» Communicate to examiners ^ results and concerns Identified by the OlG by placing a notice 
on our internal weteiic, 

• Emphasu^. through ongoing dhicusaons with die examimtioii safT, the need to: 1) perfbnn 
and document ri^ assessments for «adi institution, 2) perform all require examination 
pnjcedures. and 3) perform transactional testing procedures, using dto recently issued 
BS^AML ex^itkatioti procedures, on areas identified in die risk a^essment^ high-risk. 

• Comnumicate lo managers the need to periodit^Uy monitor and identi5‘< dtrough Exanuner 
View, cxamiiudions where examination procedures were performed on ht^>risk such 
as private hsnkutg and inis!. 

• CoimnuhicatB to exammers the deOnltion of total ^ets and provide guidance on using the 
aji^Rroptiateexarainatioci procedures for community and large banks. 

• Request that internal targeted quality asswance reviews of private banking and trust he 
conducted during 2002. 

• Expand Gaining modules for BSA to provide guidance on using the appropr^ examinadon 
procedures for community and large banks. 

Examinatloo Approach 

Your report recommends that we reassess the mandatory oaiute of our examination procedures 
and rossess the sampling mcthodolo^ used in conunimtty bank examinations. As you know, 
(Ito OCC tocenUy updated and pubiished its BSA/antHnoney laundering (AML) examination 
procedures for both comnumity and large banks. During 2002, we will reevaluate the 
cfTccrivencss of the new pcocodures and revise the procedures as warranted. Duriog this review, 
we yvilt consider a number of factors, includuig foedback from Ibe exanrinatton stoff, 
examination results, review findings, and examiiiadon efHciency measures. Also, we WUI 
closely evaluate appropriate changes to the commuiuty bank examination approach, ihctudlhg 
sampling methods, in the context of risk-based supervision. 

We are cominilled to ensuring diat our supervisory efforts with respect lo the Bank Secrecy Act 
and anli-iDoney laundering activities are compr^nsive and effective. We bdiew we have 
demonstrated that commitment through our expanded examinaiiim programs. While we feel we 
have made signiOcant progress in this area in the past lew years, wc will contiaue to addros 
identiried shortcoinii^ and strengthen our policies and practices. 

Technics} cixrectlons std editorial suggestions were provided to your auditors separately. We 
apfseciaie the opportunity to review and comment on the report. 
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Appendix 5 

Major Contributors to this Report 


Western Region 


John A. Richards - Audit Manager 
John E. Carnahan - Auditor-in-Charge 
Jack S. Gilley - Auditor 
Gale H, Dwyer - Auditor 
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The Department of the Treasury 

Assistant Secretary, Office of Financial Institutions 

Director, Office of Strategic Planning 

Director, Office of Accounting and Internal Control 


Office of the Comptroller of the Currency 

Comptroller 

Senior Deputy Comptroller for Mid-size and Community Banks 

Chief National Bank Examiner 

Senior Deputy Comptroller for Large Banks 

Deputy Comptroller for Compliance Operations and Policy 

Director, Enforcement and Compliance 

Director, Management Improvement 

Northeastern District Deputy Comptroller 

Southeastern District Deputy Comptroller 

Southwestern District Deputy Comptroller 

Western District Deputy Comptroller 

Senior Advisor (OIG/GAO Liaison) 

Office of Management and Budget 

OIG Budget Examiner 
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